Analysis
- max time kernel: 120s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 07/02/2025, 18:37
Behavioral task: behavioral1
- Sample: 7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be.dll
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: 7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be.dll
- Resource: win10v2004-20250207-en
General
- Target: 7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be.dll
- Size: 2.1MB
- MD5: 23168ee520a8310904339a8fd587c1e6
- SHA1: 97a5dff29de6f8c8cf150943bbaa72adffc98bb0
- SHA256: 7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be
- SHA512: 8e1c45e5daa9627a34cb680eb7d2059bca2870967c8639d1cac2b65ecc2445006d14d7618c02afd1872b5f811435728aa8d78222b37bbc74eb78aac6e60f148b
- SSDEEP: 49152:bGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaE/PgT5MrG:NavI5+qHxsgxeAfdrG
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2836 wrote to memory of 2980 | 2836 | rundll32.exe | 30 |
| PID 2836 wrote to memory of 2980 | 2836 | rundll32.exe | 30 |
| PID 2836 wrote to memory of 2980 | 2836 | rundll32.exe | 30 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 2836
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2836 -s 522⤵
  PID: 2980