Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 110s
max time network: 17s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 02/10/2024, 21:21
Static task: static1
Behavioral task: behavioral1
  Sample: 65fa9ba6cc3ff61c8361471a460236584fd0ade87986c78383a2e37015b87047N.dll
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 65fa9ba6cc3ff61c8361471a460236584fd0ade87986c78383a2e37015b87047N.dll
  Resource: win10v2004-20240802-en
General
Target: 65fa9ba6cc3ff61c8361471a460236584fd0ade87986c78383a2e37015b87047N.dll
Size: 24KB
MD5: fdbca8ad3f3b31dc191fadf33bf1b8e0
SHA1: 97caea80f578b3d5cd275fd76e73202686bce3a0
SHA256: 65fa9ba6cc3ff61c8361471a460236584fd0ade87986c78383a2e37015b87047
SHA512: a007ed64f4a0e1dc4668b89c3fe46425872ce5bb5b8bf46d49ce770383b2ca09b8ab63131a7083ad179a6ca47471a9ee49b101fcf179ee89aac0797b1300a18f
SSDEEP: 384:uRCJ8mkOMEPbqqCs3iMsk3HXqBH5Wk8hNwK5jBk5Yma8wbJ7cXGKwPRQpqdwcpew:PJ5zdDxF3OkHXqR5WkiNwck6peXGKISK
Malware Config
Signatures
Drops file in Windows directory (4 IoCs)
description                  | ioc                               | Process
File opened for modification | C:\Windows\clbcatq.dll395715068   | rundll32.exe
File opened for modification | C:\Windows\linkinfo.dll1398332398 | rundll32.exe
File created                 | C:\Windows\linkinfo.dll           | rundll32.exe
File created                 | C:\Windows\twain_86.dll           | rundll32.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc                                                         | Process
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description                      | pid  | Process      | procid_target
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
PID 2552 wrote to memory of 1456 | 2552 | rundll32.exe | 29
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\65fa9ba6cc3ff61c8361471a460236584fd0ade87986c78383a2e37015b87047N.dll,#1
   PID: 2552
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\65fa9ba6cc3ff61c8361471a460236584fd0ade87986c78383a2e37015b87047N.dll,#1
      PID: 1456
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery