Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 02/01/2025, 10:34
Behavioral task: behavioral1
- Sample: 403e57a067075af43951a7a7010740d0b3e192570bd2231fa7cfa1a8bd2983e2.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 403e57a067075af43951a7a7010740d0b3e192570bd2231fa7cfa1a8bd2983e2.dll
- Resource: win10v2004-20241007-en
General
- Target: 403e57a067075af43951a7a7010740d0b3e192570bd2231fa7cfa1a8bd2983e2.dll
- Size: 104KB
- MD5: 87a38295498a31b85077623c7dab9a3a
- SHA1: 93030a8d69c942e17dbc8ea0476c86281a1dfbe5
- SHA256: 403e57a067075af43951a7a7010740d0b3e192570bd2231fa7cfa1a8bd2983e2
- SHA512: 790bf6f0c9a9de42292b697363ad481ff05c2b5cebfe21c2dd4b384e39f30398be185780235e4cec64e9234fa42e87b37ef65d6ccea958d2d374aadb35b97cc0
- SSDEEP: 3072:uSHZVbw/iadEmIl7bO02nPNrnfhSh3u9Wki/4F22biO0:fbw/ERIi3u4JgF5iv
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 3024 wrote to memory of 2124 | 3024 | rundll32.exe | 32
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe (PID: 3024, level 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\403e57a067075af43951a7a7010740d0b3e192570bd2231fa7cfa1a8bd2983e2.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 2124, level 2)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\403e57a067075af43951a7a7010740d0b3e192570bd2231fa7cfa1a8bd2983e2.dll,#1
    - System Location Discovery: System Language Discovery