Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 27/11/2022, 16:27
Static task
- static1

Behavioral task
- behavioral1
- Sample: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe
- Resource: win7-20220812-en

Behavioral task
- behavioral2
- Sample: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe
- Resource: win10v2004-20220901-en
General
- Target: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe
- Size: 147KB
- MD5: 644510451a91d45dac2d2a360a8a0bfc
- SHA1: d86a5469b2a6168af780fd3969f9eb3f3a49f0c7
- SHA256: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7
- SHA512: 3c82fa1c6c26a991e6b2fbde28f8a2f4809bffd618de59c35160684bd02e2d2d6cfa8bf18c69fb1594d4ecf23e560466055e7018f8b3afa12d6a5c0bb871b91d
- SSDEEP: 3072:pxC8cZP6bDtsAlCoJOdaYmG/K1BnSsVV8PxtFdo+Afbtbv0dD:pY8IP6bDtsAUnmZBnSsVV8Px9TAztI
Malware Config
Signatures

Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: svchost.exe)

Deletes itself (1 IoCs)
- PID 1992, process: cmd.exe

Suspicious use of SetThreadContext (1 IoCs)
- PID 1976 set thread context of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 1976, process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe
- PID 1784, process: svchost.exe

Suspicious behavior: MapViewOfSection (1 IoCs)
- PID 1976, process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe

Suspicious use of WriteProcessMemory (10 IoCs)
- PID 1976 wrote to memory of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)
- PID 1976 wrote to memory of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)
- PID 1976 wrote to memory of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)
- PID 1976 wrote to memory of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)
- PID 1976 wrote to memory of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)
- PID 1976 wrote to memory of 1784 (process: fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe, target procid: 28)
- PID 1784 wrote to memory of 1992 (process: svchost.exe, target procid: 29)
- PID 1784 wrote to memory of 1992 (process: svchost.exe, target procid: 29)
- PID 1784 wrote to memory of 1992 (process: svchost.exe, target procid: 29)
- PID 1784 wrote to memory of 1992 (process: svchost.exe, target procid: 29)
Processes

1. C:\Users\Admin\AppData\Local\Temp\fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe"
   PID: 1976
   - Checks BIOS information in registry
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\svchost.exe
      Command line: "C:\Windows\system32\svchost.exe"
      PID: 1784
      - Checks BIOS information in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\cmd.exe
         Command line: "C:\Windows\system32\cmd.exe" /q /c for /l %i in (1, 1, 4000000000) do if not exist "C:\Users\Admin\AppData\Local\Temp\fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe" (exit) else (del /f "C:\Users\Admin\AppData\Local\Temp\fc46dd25a97413e07769221db54d672272f8bea53a85116563cfcbfd4d3ef3d7.exe")
         PID: 1992
         - Deletes itself