Analysis
max time kernel: 18s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 02/10/2024, 02:57
Static task: static1
Behavioral task: behavioral1
  Sample: 1b0eecf7886b085d17c3b110c41e25d2cf2a468ee28b13ecf6b571b71ee61f22N.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 1b0eecf7886b085d17c3b110c41e25d2cf2a468ee28b13ecf6b571b71ee61f22N.dll
  Resource: win10v2004-20240802-en
General
Target: 1b0eecf7886b085d17c3b110c41e25d2cf2a468ee28b13ecf6b571b71ee61f22N.dll
Size: 51KB
MD5: f5bd54dd6796e4d67774ac6be5f1b000
SHA1: 8fa0b1feab6d7e5c1b9df871f40d66f1a6e104d6
SHA256: 1b0eecf7886b085d17c3b110c41e25d2cf2a468ee28b13ecf6b571b71ee61f22
SHA512: 2ca846f16abaa4ed3f0570a710da1d92ce223b119975391ca5e293b1990ea8eb2848a92eb020d900a59ccb2155e11a9fa67c4c0ae591ba1aa4ac1e8bc7c91f2f
SSDEEP: 1536:lRdU3Sz3CkkDPZB7y77Qs82cnuHnCcDkwD9/f/Qzz:lrU3Sz3CcSn
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| PID 2872 wrote to memory of 2912 | 2872 | rundll32.exe | 28 |
| PID 2872 wrote to memory of 2912 | 2872 | rundll32.exe | 28 |
| PID 2872 wrote to memory of 2912 | 2872 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe (PID: 2872)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0eecf7886b085d17c3b110c41e25d2cf2a468ee28b13ecf6b571b71ee61f22N.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (PID: 2912)
    Command line: C:\Windows\system32\WerFault.exe -u -p 2872 -s 80