Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
23/09/2023, 06:16
Static task
static1
Behavioral task
behavioral1
Sample
dmaster.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
dmaster.exe
Resource
win10v2004-20230915-en
General
-
Target
dmaster.exe
-
Size
7.4MB
-
MD5
ba03fdb3763c4ee453bb7af4ad7ba03d
-
SHA1
1d9b0ffb3b95df8d7a6db02f0cf55c388aa797d9
-
SHA256
4579c9495bc5a87e378ec69d6e21b77dfa76117f9a611ee78b54138e2cb7652c
-
SHA512
bbfc19c8e82d32037a34608338de85718f1c2653b7126cf63121369e8c980d5de460f673b0a4092e476cabaef6bb9c3d4776103af4cf5e380e631a0e741c56b7
-
SSDEEP
196608:m155RN0ztDHSbFMuxZYxR100JoUW44FNZMM97jnR+fg:+OLxR11QbNlFR+fg
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2224 dmaster.tmp -
Loads dropped DLL 1 IoCs
pid Process 1932 dmaster.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2224 dmaster.tmp -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1932 wrote to memory of 2224 1932 dmaster.exe 28 PID 1932 wrote to memory of 2224 1932 dmaster.exe 28 PID 1932 wrote to memory of 2224 1932 dmaster.exe 28 PID 1932 wrote to memory of 2224 1932 dmaster.exe 28 PID 1932 wrote to memory of 2224 1932 dmaster.exe 28 PID 1932 wrote to memory of 2224 1932 dmaster.exe 28 PID 1932 wrote to memory of 2224 1932 dmaster.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\dmaster.exe"C:\Users\Admin\AppData\Local\Temp\dmaster.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932 -
C:\Users\Admin\AppData\Local\Temp\is-A1Q7S.tmp\dmaster.tmp"C:\Users\Admin\AppData\Local\Temp\is-A1Q7S.tmp\dmaster.tmp" /SL5="$40112,7346315,121344,C:\Users\Admin\AppData\Local\Temp\dmaster.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:2224
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD570c679ba6d36d9c2e2e53c84593b1c27
SHA194f28bb5c70f138702b9397463756b6c06898874
SHA25648194401a75913646fa2258830f21e255087ed1b517d18460b1cf0dcc9c414e7
SHA512ee248d370b85bf726bf9ac17ec3abf21b8f45b0528900c92363a7233d1146f8439c40b118b1aeee18a8a90a1a1713f20815d55ce945dea74a8e0846f1b77a4c9
-
Filesize
1.1MB
MD570c679ba6d36d9c2e2e53c84593b1c27
SHA194f28bb5c70f138702b9397463756b6c06898874
SHA25648194401a75913646fa2258830f21e255087ed1b517d18460b1cf0dcc9c414e7
SHA512ee248d370b85bf726bf9ac17ec3abf21b8f45b0528900c92363a7233d1146f8439c40b118b1aeee18a8a90a1a1713f20815d55ce945dea74a8e0846f1b77a4c9