Analysis
- max time kernel: 119s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20241023-en
- resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
- submitted: 06/02/2025, 22:33
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll
- Resource: win7-20241023-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll
- Resource: win10v2004-20250129-en
General
- Target: SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll
- Size: 2.2MB
- MD5: a8b2af15cfc2fb0259459412e55334e2
- SHA1: 38ce03bbe014489f40aaaa863f88fe4f8d299030
- SHA256: c0c17a2d3ad170ba6b60096b7966d954bdab9fd8c333d7727e74e2b2f927fcc8
- SHA512: 539c0b2b7a076714a8cfa75a0b63bd0b917711b7bc5cff7e87684cc0bd0c8ec5e995c6f0c6b159b86ce1166e1254411cb9e635170447bd214c96f7e902e3ea64
- SSDEEP: 49152:/ZzQqIEjvDQPOnR5mSBn/VSlsBzXHWtSyZS:/YcxyZ
Malware Config
Extracted: latrodectus 1.4
- https://apworsindos.com/test/
- https://reminasolirol.com/test/
- group: Mimikast
- user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Extracted: latrodectus
Signatures
- Latrodectus family
- Latrodectus loader: Latrodectus is a loader written in C++.
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 1832 wrote to memory of 3048 | 1832 | rundll32.exe | 30
PID 1832 wrote to memory of 3048 | 1832 | rundll32.exe | 30
PID 1832 wrote to memory of 3048 | 1832 | rundll32.exe | 30