Analysis
max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 15/05/2023, 01:32
Static task: static1
Behavioral task: behavioral1
  Sample: 87815289b110cf33af8af1decf9ff2e9.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 87815289b110cf33af8af1decf9ff2e9.exe
  Resource: win10v2004-20230220-en
General
Target: 87815289b110cf33af8af1decf9ff2e9.exe
Size: 58KB
MD5: 87815289b110cf33af8af1decf9ff2e9
SHA1: 09024f9ec9464f56b7e6c61bdd31d7044bdf4795
SHA256: a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4
SHA512: 8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc
SSDEEP: 768:nfiNar/0i5A9lquoNvU4n7oDBXhVa+3Y/v2pPLo6Gyfu7q3YKdX3jj60dhfp0nQR:cIxKWLvFn43bovQtu7qo43jjRDf4e
Malware Config
Signatures
Drops file in Program Files directory (1 IoC)
  description  | ioc                                                        | Process
  File created | C:\Program Files\MicrosoftWindowsServicesEtc\NoBreak.xjs | wscript.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                      | pid  | Process                              | procid_target
  PID 1728 wrote to memory of 1988 | 1728 | 87815289b110cf33af8af1decf9ff2e9.exe | 28
  PID 1728 wrote to memory of 1988 | 1728 | 87815289b110cf33af8af1decf9ff2e9.exe | 28
  PID 1728 wrote to memory of 1988 | 1728 | 87815289b110cf33af8af1decf9ff2e9.exe | 28
  PID 1728 wrote to memory of 1988 | 1728 | 87815289b110cf33af8af1decf9ff2e9.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\87815289b110cf33af8af1decf9ff2e9.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\87815289b110cf33af8af1decf9ff2e9.exe"
  Suspicious use of WriteProcessMemory
  PID: 1728
  └ C:\Windows\system32\wscript.exe
      command line: "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\88A.tmp\89A.vbs
      Drops file in Program Files directory
      PID: 1988
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 383B
MD5: 5f427dc44f33906509423d24fa0590c0
SHA1: b896f7667381a594d3751e05f258925b81c231c0
SHA256: 9aae0707b1d5d3b7ed3bf5cc8fbb530aebd195e3e2f18312f3f7f1aa43e031b4
SHA512: bd28c386772062ef945f24c8ad7a25f158856af36e31d2c9b14674cedfd34b4f48ed531cd40a7eb291384d83665ffe154f0786c1a7ee1616256cf30125120961