Analysis
- max time kernel: 44s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 12/10/2022, 08:00
Static task: static1
Behavioral task behavioral1: Sample 3550/3367.cmd, Resource win7-20220901-en
Behavioral task behavioral2: Sample 3550/3367.cmd, Resource win10v2004-20220812-en
Behavioral task behavioral3: Sample 3550/pots.dll, Resource win7-20220901-en
Behavioral task behavioral4: Sample 3550/pots.dll, Resource win10v2004-20220812-en
Behavioral task behavioral5: Sample New_documents.lnk, Resource win7-20220812-en
Behavioral task behavioral6: Sample New_documents.lnk, Resource win10v2004-20220812-en
General
- Target: 3550/3367.cmd
- Size: 245B
- MD5: c0a2c18b8e80e4a7af74bf718bbb993b
- SHA1: 7c87ef36f1763b5d5234ca45445b73bb3f49b8b2
- SHA256: 6e67d68badb493c0be327073ff68740c6cca48de5094d925593dd1248f1046c1
- SHA512: bd84b3ba94e30169d9b12e3f1363cdc9731a728ade2717a6ebdd9de23494c0441043304fd82ad3ddc8bbb627c882df17ebeb4985c3667b38c93de9773a16b1b2
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid   Process
  588   in.exe
  1208  Process not Found
- Loads dropped DLL (1 IoCs)
  pid   Process
  1324  cmd.exe
- Runs ping.exe (1 TTPs, 1 IoCs)
  pid   Process
  1168  PING.EXE
- Suspicious use of WriteProcessMemory (6 IoCs)
  description                         pid   Process  procid_target
  PID 1324 wrote to memory of 1168    1324  cmd.exe  28
  PID 1324 wrote to memory of 1168    1324  cmd.exe  28
  PID 1324 wrote to memory of 1168    1324  cmd.exe  28
  PID 1324 wrote to memory of 588     1324  cmd.exe  29
  PID 1324 wrote to memory of 588     1324  cmd.exe  29
  PID 1324 wrote to memory of 588     1324  cmd.exe  29
Processes
- C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\3550\3367.cmd"
  PID: 1324
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\PING.EXE
    ping google.com
    PID: 1168
    - Runs ping.exe
  - C:\Users\Admin\AppData\Local\Temp\in.exe
    C:\Users\Admin\AppData\Local\Temp\\in.exe 3550\pots.dat
    PID: 588
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 19KB
  MD5: 59bce9f07985f8a4204f4d6554cff708
  SHA1: 645c424974fbe5fe7a04cac73f1c23c96e1570b8
  SHA256: ca24aef558647274d019dfb4d7fd1506d84ec278795c30ba53b81bb36130dc57
  SHA512: 3cf5825a9c7fb80ea0bd36775a92d07f34cd3709ed2c7c8f500f1c8baa5242768f6d575bd2477b77e3f177e7a4994d5c5bddb24c6eb43b60a6bd83ea026a8198