Analysis
max time kernel: 150s
max time network: 156s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 08/07/2023, 09:14
Behavioral task behavioral1
Sample: 640d8f42bc765cexeexeexeex.exe
Resource: win7-20230703-en
Behavioral task behavioral2
Sample: 640d8f42bc765cexeexeexeex.exe
Resource: win10v2004-20230703-en
General
Target: 640d8f42bc765cexeexeexeex.exe
Size: 49KB
MD5: 640d8f42bc765cbb6310f8565273489d
SHA1: 3dd582f3d247677a084cb8f65a27427a1c330808
SHA256: 171de8e3a4ec581371697e2bfe7f1eb49f3eb9331f054bf57a76e402793b714c
SHA512: 2fdfd7ff4c7063d870258597b372b612d5ab93a912d88d76ce8dd9886cab92eef55b482ffbb27e760dd3c9c06b80d3eb0a916df5161050068f4c5bfdfc48e5cb
SSDEEP: 768:zQz7yVEhs9+syJP6ntOOtEvwDpjFelaB7q4:zj+soPSMOtEvwDpj4kT
Malware Config
Signatures

Executes dropped EXE (1 IoC)
PID    Process
2388   misid.exe

Loads dropped DLL (1 IoC)
PID    Process
296    640d8f42bc765cexeexeexeex.exe

UPX yara rule matches (5 resources)
resource                                                                      yara_rule
behavioral1/files/0x000c000000012259-63.dat                                   upx
behavioral1/memory/296-67-0x0000000000500000-0x0000000000510000-memory.dmp    upx
behavioral1/files/0x000c000000012259-66.dat                                   upx
behavioral1/files/0x000c000000012259-75.dat                                   upx
behavioral1/memory/2388-76-0x0000000000500000-0x0000000000510000-memory.dmp   upx

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
description                          PID   Process                          procid_target
PID 296 wrote to memory of 2388      296   640d8f42bc765cexeexeexeex.exe    28
PID 296 wrote to memory of 2388      296   640d8f42bc765cexeexeexeex.exe    28
PID 296 wrote to memory of 2388      296   640d8f42bc765cexeexeexeex.exe    28
PID 296 wrote to memory of 2388      296   640d8f42bc765cexeexeexeex.exe    28
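The `upx` yara rule above matched the dropped file three times and a 64 KiB region of both processes' memory. As an added example (not tria.ge's rule, and not code from this report), the following Python checks the two structural traits such rules usually key on: the `UPX0`/`UPX1` section names and the `UPX!` version marker, plus the tell-tale first section that has no raw data on disk but a large virtual size (the area the stub unpacks into). The `build_pe()` helper that fabricates minimal PE32+ headers is an assumption made for testing; nothing in it is taken from the sample.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}


def build_pe(sections, tail=b""):
    """Constructed minimal PE32+ image used only as test input (assumption, not the sample).

    sections: list of (name, size_of_raw_data). Only the headers and the section
    table are meaningful; `tail` stands in for section bodies.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)           # e_lfanew -> "PE\0\0"

    opt_size = 0xF0                                       # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                 # Magic = PE32+

    table = b""
    va, raw_ptr = 0x1000, 0x400
    for name, raw_size in sections:
        table += struct.pack("<8sIIIIIIHHI",
                             name.encode("ascii"),
                             0x10000,                     # VirtualSize
                             va,                          # VirtualAddress
                             raw_size,                    # SizeOfRawData
                             raw_ptr if raw_size else 0,  # PointerToRawData
                             0, 0, 0, 0,                  # relocs / linenumbers
                             0x60000020)                  # CODE | EXECUTE | READ
        va += 0x10000
        raw_ptr += raw_size
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + tail


def parse_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _va, raw_size, _raw_ptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": raw_size})
    return sections


def upx_indicators(data):
    """Return the list of independent UPX traits found in the image."""
    sections = parse_sections(data)
    hits = []
    named = [s["name"] for s in sections if s["name"] in UPX_SECTION_NAMES]
    if named:
        hits.append("UPX section names: " + ", ".join(named))
    # Classic UPX layout: the first section (UPX0) occupies no bytes on disk but a
    # large virtual range; the stub writes the original image there at run time.
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        hits.append("first section has SizeOfRawData=0 (unpack area)")
    if b"UPX!" in data:                                   # version marker in the packed image
        hits.append("'UPX!' marker present")
    return hits


def is_upx_packed(data):
    """Require two independent traits: a lone renamed section or stray 'UPX!' string is weak."""
    hits = upx_indicators(data)
    return len(hits) >= 2, hits


def packed_sample():
    return build_pe([("UPX0", 0), ("UPX1", 0x4000), (".rsrc", 0x200)], tail=b"\0" * 8 + b"UPX!")


def clean_sample():
    return build_pe([(".text", 0x1000), (".data", 0x200)])


if __name__ == "__main__":
    for label, image in (("packed", packed_sample()), ("clean", clean_sample())):
        print(label, *is_upx_packed(image))
```

The same checks apply to the memory dumps the report lists: the rule fired on both `*-memory.dmp` resources, so a detector should be run over dumped regions as well as files on disk, since a packer's section names and markers can be stripped from the on-disk copy but the mapped headers are often still intact in memory.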
Processes
1. C:\Users\Admin\AppData\Local\Temp\640d8f42bc765cexeexeexeex.exe (PID 296)
   command line: "C:\Users\Admin\AppData\Local\Temp\640d8f42bc765cexeexeexeex.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe (PID 2388), child of PID 296
      command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      - Executes dropped EXE
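The process tree shows the whole chain: PID 296 writes misid.exe into the user's Temp directory, loads it, writes into PID 2388's memory and runs misid.exe as that child. Outside a sandbox, the same "dropped, then executed" join can be made over endpoint telemetry. The Python below is an added example, not tria.ge's signature logic; it runs over a constructed, time-ordered event list modelled on this report (simplified field names, only the event IDs follow Sysmon's numbering: 1 = process create, 7 = image load, 11 = file create) and emits findings with the labels the report uses.

```python
from typing import Dict, List

# Constructed events modelled on this report's process tree (NOT real Sysmon records;
# the field names are an assumption). The stream must be in time order.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
PARENT = TEMP + r"\640d8f42bc765cexeexeexeex.exe"
CHILD = TEMP + r"\misid.exe"

EVENTS: List[Dict] = [
    {"id": 11, "pid": 296, "image": PARENT, "target": CHILD},                   # file create
    {"id": 7, "pid": 296, "image": PARENT, "loaded": CHILD},                    # image load
    {"id": 1, "pid": 2388, "ppid": 296, "image": CHILD, "parent_image": PARENT},  # process create
]


def _norm(path: str) -> str:
    # NTFS paths compare case-insensitively; normalise separators and case.
    return path.replace("/", "\\").lower()


def _in_user_temp(path: str) -> bool:
    return "\\appdata\\local\\temp\\" in _norm(path)


def detect_dropped_execution(events: List[Dict]) -> List[Dict]:
    """Join file-create events against later image-load and process-create events."""
    dropped: Dict[str, int] = {}      # normalised path -> PID that wrote the file
    findings: List[Dict] = []
    for ev in events:
        if ev["id"] == 11:
            dropped[_norm(ev["target"])] = ev["pid"]
        elif ev["id"] == 7:
            path = _norm(ev["loaded"])
            if path in dropped:
                findings.append({"signature": "Loads dropped DLL",
                                 "pid": ev["pid"], "path": ev["loaded"],
                                 "dropper_pid": dropped[path],
                                 "dropped_by_self": dropped[path] == ev["pid"]})
        elif ev["id"] == 1:
            path = _norm(ev["image"])
            if path in dropped:
                # dropped_by_parent is the tighter condition: the file was written by
                # the very process that now launches it, as in this report (296 -> 2388).
                findings.append({"signature": "Executes dropped EXE",
                                 "pid": ev["pid"], "path": ev["image"],
                                 "dropper_pid": dropped[path],
                                 "dropped_by_parent": dropped[path] == ev.get("ppid")})
            if _in_user_temp(ev["image"]):
                findings.append({"signature": "Executable launched from user Temp",
                                 "pid": ev["pid"], "path": ev["image"]})
    return findings


if __name__ == "__main__":
    for finding in detect_dropped_execution(EVENTS):
        print(finding)
```

Because the join only looks backwards, an execute-before-create ordering (out-of-order or truncated telemetry) produces no "dropped" finding; the Temp-directory heuristic still fires on its own, which is why it is kept as a separate, weaker signal.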
Network
MITRE ATT&CK Enterprise v6
Downloads
File (listed three times in the report, identical hashes each time)
Filesize: 49KB
MD5: 7ead81e56719a873231a6dfaf8637297
SHA1: e10971a44384aca950659136496085ee69b9982b
SHA256: c4bfa33cf4aefc569738933686105907203869c5d6a2c98e2669025e5c813e7e
SHA512: 18c82b27993b237cbb06ac6d677fefd1d7b30b9d08c9d2edc8f6926ff67864f236d89243e4f528eb23754dfdf6b668598f0ffa3476931c58a1c4d7bc87d732e7
Note: these hashes differ from those of the submitted sample (MD5 640d8f42bc765cbb6310f8565273489d), although both files are 49KB.