Analysis
max time kernel: 27s
max time network: 42s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 21/10/2022, 00:28
Behavioral task: behavioral1
Sample: 4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
Resource: win10v2004-20220812-en
General
Target: 4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
Size: 242KB
MD5: 520d8569c7328e72940d9f98d540019e
SHA1: 63444616ec994e7d8652c99e02372d766c8485d5
SHA256: 4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc
SHA512: 4ced7a7a019420679baafcd537557d04d31e18faa85902767d9490ed8cc6359df80305d0fbf8c0f98d4ac7dd49ea91ab4bbb883b624818ef5545794d74b0315f
SSDEEP: 3072:Rmnix/ZtdFgrWZd8nir31KuP7wJE5zCVFXobRNvXK8VivK0U4SSRZc0C:RF5Z/FgKz8ni8uPcZVFmjHEUfA
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  1512  mincer.exe

  resource                                                                     yara_rule
  behavioral1/files/0x0007000000005c50-54.dat                                  upx
  behavioral1/files/0x0007000000005c50-55.dat                                  upx
  behavioral1/files/0x0007000000005c50-57.dat                                  upx
  behavioral1/memory/1192-58-0x0000000000400000-0x000000000043B000-memory.dmp  upx
  behavioral1/memory/1512-59-0x0000000000400000-0x0000000000424A00-memory.dmp  upx

Loads dropped DLL (2 IoCs)
  pid   Process
  1192  4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
  1192  4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe

Drops file in Windows directory (1 IoC)
  description                   ioc                     Process
  File opened for modification  C:\Windows\MSWRITE.EXE  mincer.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                   pid   Process                                                                 procid_target
  PID 1192 wrote to memory of 1512  1192  4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe  28
  PID 1192 wrote to memory of 1512  1192  4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe  28
  PID 1192 wrote to memory of 1512  1192  4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe  28
  PID 1192 wrote to memory of 1512  1192  4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe"
   PID: 1192
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\mincer.exe (child of PID 1192)
      Command line: C:\Users\Admin\AppData\Local\Temp\mincer.exe
      PID: 1512
      - Executes dropped EXE
      - Drops file in Windows directory
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 146KB
MD5: 04a3ab68310afac8616071ba1ce2b9cc
SHA1: 49fc35dbe80440510425aadc1aff2c686051738f
SHA256: fe69c0e24b0c109bdfdd615e4df74306bebf8dec16c1005c7ab0b562a008d18f
SHA512: c69c1d8f768002350501ddb17b717155e379ab58adca2c20ac57419dd8c5b9364fef4ce179f967479534ee8892e42f2e4a0e5438a1a8426c93e048915f1a0091