Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20230703-en
- resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
- submitted: 09/07/2023, 17:05
Behavioral task: behavioral1
- Sample: ba6463a6db64a7exeexeexeex.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: ba6463a6db64a7exeexeexeex.exe
- Resource: win10v2004-20230703-en
General
- Target: ba6463a6db64a7exeexeexeex.exe
- Size: 102KB
- MD5: ba6463a6db64a77a751ebf0d14cea091
- SHA1: 416600fc14caa101549b611a0f43671d3dea6b2d
- SHA256: a791da51897ffc31047e2037561e783386884ef12a78682d7e4a2dfeb3f398f3
- SHA512: 6e0c1badc559f7c197cb43efe594402ff8d72c4bdbc6fd1d7642c3f23eb7e4cc58868a2c22eb68124a1dfe3d1be55cf3ea66660ff8e7a80fd1514065f4290572
- SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalRn5iF1j6GR8I:1nK6a+qdOOtEvwDpjV
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid   Process
  2172  asih.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  2368  ba6463a6db64a7exeexeexeex.exe
- YARA matches
  resource                                                         yara_rule
  behavioral1/files/0x000c000000012279-63.dat                      upx
  behavioral1/files/0x000c000000012279-66.dat                      upx
  behavioral1/memory/2368-67-0x0000000000500000-0x000000000050F311-memory.dmp  upx
  behavioral1/files/0x000c000000012279-75.dat                      upx
  behavioral1/memory/2172-76-0x0000000000500000-0x000000000050F311-memory.dmp  upx
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                         procid_target
  PID 2368 wrote to memory of 2172   2368  ba6463a6db64a7exeexeexeex.exe   28
  PID 2368 wrote to memory of 2172   2368  ba6463a6db64a7exeexeexeex.exe   28
  PID 2368 wrote to memory of 2172   2368  ba6463a6db64a7exeexeexeex.exe   28
  PID 2368 wrote to memory of 2172   2368  ba6463a6db64a7exeexeexeex.exe   28
Processes
- C:\Users\Admin\AppData\Local\Temp\ba6463a6db64a7exeexeexeex.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ba6463a6db64a7exeexeexeex.exe"
  PID: 2368
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 2172
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 102KB
  MD5: e97bed130f276911889a381d3c8d4df4
  SHA1: c4c343baf4c4e3a53f9d0279b3b8ed8529f5dfcc
  SHA256: ca63a18d80d79d70f07316c002fc53baede211e60fba269ea89358c52a0fa394
  SHA512: c814dcefb9140cbcdc85c79537f99a49101c053513771659544a453a792eb9373cbe3d7dd4475cad9b6785053485f383a7a7f7fc0bd1e5fad3d3ca06206c5321