Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 31s
  max time network: 33s
  platform: windows7_x64
  resource: win7-20221111-en
  resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  submitted: 02/02/2023, 10:43
Behavioral tasks
  behavioral1: sample tmp.exe, resource win7-20221111-en
  behavioral2: sample tmp.exe, resource win10v2004-20221111-en
General
  Target: tmp.exe
  Size: 6KB
  MD5: 679104fb0479ff61c4b5e4b88f77d94b
  SHA1: bfbcb5d48fb4ab25d52e4e1bedf37a4e7a4a3cab
  SHA256: 4134bd82bbea78103d0e32728df856870eaa2c0188b59423115c7d779b2bf83a
  SHA512: 7cb36200865267885939956614a7b8603cd16575a3857e0ecc238ff22d296b29bfb208bb11f61f3856278f6b4585afdb2c8456d2f2630f0fbc33fa298df0253e
  SSDEEP: 192:zU3efq7iEM9gdH98dfQbLE5lF22vjWwID:Q3efq7iEM9gdH98dfgLE5lI2vjlI
Malware Config
  Extracted (purecrypter)
    URL: https://onedrive.live.com/download?cid=A113DD34A0D77810&resid=A113DD34A0D77810%21125&authkey=AIgE8y9D-kUp_qA
Signatures

PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021; the extracted configuration above is the URL from which this sample fetches its next-stage payload.

Program crash (1 IoC)
  pid  pid_target  Process       procid_target
  672  2024        WerFault.exe  22

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  2024  tmp.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   Process  procid_target
  PID 2024 wrote to memory of 672  2024  tmp.exe  28
  PID 2024 wrote to memory of 672  2024  tmp.exe  28
  PID 2024 wrote to memory of 672  2024  tmp.exe  28
  PID 2024 wrote to memory of 672  2024  tmp.exe  28

Note that PID 672 is the WerFault.exe instance recorded in the Program crash signature as reporting on PID 2024 (tmp.exe), so the four writes go from the crashing sample into its own crash reporter. Read them together with the crash and the SeDebugPrivilege request rather than as evidence of injection into an unrelated process, and check the behavioral2 (Windows 10) task before concluding anything about the loader's intended behaviour.
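The following Python is an added example, not part of the Triage report or of any PureCrypter tooling. It parses constructed copies of the three signature rows and the extracted URL above into structured IoCs, groups the cross-process memory writes per source/target pair with the source's requested privileges, and pulls the stable OneDrive identifiers (cid, resid) out of the payload URL for hunting. The verdict logic is a heuristic of this example, not a Triage rule: a write into the WerFault.exe instance that the crash signature records as reporting on the writer is tagged as a crash-reporter target, and every other target is left as a possible injection for manual review.

```python
"""Structure the flattened Triage signature rows and extracted config.

Added example; the rows below are constructed copies of the report above."""
import json
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed copies of the signature rows from the report (one row per IoC;
# the WriteProcessMemory signature listed the same row four times).
CRASH_ROWS = ["672 2024 WerFault.exe 22"]
TOKEN_ROWS = ["Token: SeDebugPrivilege 2024 tmp.exe"]
WPM_ROWS = ["PID 2024 wrote to memory of 672 2024 tmp.exe 28"] * 4
EXTRACTED_URL = ("https://onedrive.live.com/download?cid=A113DD34A0D77810"
                 "&resid=A113DD34A0D77810%21125&authkey=AIgE8y9D-kUp_qA")

# Column order as shown on the report; the trailing integer is Triage's
# internal process index (procid_target), not a Windows PID.
_CRASH = re.compile(r"^(\d+) (\d+) (\S+) (\d+)$")
_TOKEN = re.compile(r"^Token: (\S+) (\d+) (\S+)$")
_WPM = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_rows(crash_rows, token_rows, wpm_rows):
    """Turn the three kinds of flattened rows into typed event dicts."""
    events = []
    for row in crash_rows:
        m = _CRASH.fullmatch(row)
        if not m:
            raise ValueError(f"unparsed crash row: {row!r}")
        events.append({"kind": "crash", "pid": int(m[1]),
                       "target_pid": int(m[2]), "process": m[3]})
    for row in token_rows:
        m = _TOKEN.fullmatch(row)
        if not m:
            raise ValueError(f"unparsed token row: {row!r}")
        events.append({"kind": "token", "token": m[1],
                       "pid": int(m[2]), "process": m[3]})
    for row in wpm_rows:
        m = _WPM.fullmatch(row)
        if not m:
            raise ValueError(f"unparsed WriteProcessMemory row: {row!r}")
        events.append({"kind": "wpm", "pid": int(m[3]), "process": m[4],
                       "target_pid": int(m[2])})
    return events


def classify_writes(events):
    """Group memory writes per (source, target) and attach context.

    Heuristic (an assumption of this example): a write into the WerFault.exe
    instance recorded as reporting on the writer is consistent with the writer
    spawning its own crash reporter; any other target stays flagged.
    """
    names = {e["pid"]: e["process"] for e in events}
    reporters = {e["pid"]: e["target_pid"] for e in events
                 if e["kind"] == "crash" and e["process"].lower() == "werfault.exe"}
    privs = defaultdict(set)
    for e in events:
        if e["kind"] == "token":
            privs[e["pid"]].add(e["token"])
    writes = Counter((e["pid"], e["target_pid"]) for e in events if e["kind"] == "wpm")
    findings = []
    for (src, dst), count in sorted(writes.items()):
        verdict = ("crash-reporter-target" if reporters.get(dst) == src
                   else "possible-injection")
        findings.append({
            "source": src, "source_name": names.get(src, "?"),
            "target": dst, "target_name": names.get(dst, "?"),
            "writes": count, "source_privileges": sorted(privs[src]),
            "verdict": verdict,
        })
    return findings


def onedrive_pivots(url):
    """Pull the account (cid) and file (resid) identifiers out of a OneDrive link."""
    parts = urlparse(url)
    q = parse_qs(parts.query)          # percent-decodes "%21" to "!"
    return {"host": parts.netloc, "cid": q["cid"][0],
            "resid": q["resid"][0], "authkey": q["authkey"][0]}


def summarize():
    events = parse_rows(CRASH_ROWS, TOKEN_ROWS, WPM_ROWS)
    return {"events": len(events),
            "memory_writes": classify_writes(events),
            "payload_url": onedrive_pivots(EXTRACTED_URL)}


if __name__ == "__main__":
    print(json.dumps(summarize(), indent=2))
```

Running the script prints one grouped finding (4 writes from tmp.exe into WerFault.exe, source holding SeDebugPrivilege, verdict crash-reporter-target) and the OneDrive cid/resid pair, which is the part of the URL worth pivoting on since the authkey can change between distributions.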