Analysis
- max time kernel: 152s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 11/10/2023, 23:05
Static task
- static1: 1 signatures

Behavioral task
- behavioral1: Sample gR0Jd24.exe, Resource win7-20230831-en, 1 signatures, 150 seconds

Behavioral task
- behavioral2: Sample gR0Jd24.exe, Resource win10v2004-20230915-en, 1 signatures, 150 seconds
General
- Target: gR0Jd24.exe
- Size: 553KB
- MD5: e194dea7cd10363a012aa8e1a44429c4
- SHA1: 87565e07b41e6198db4713e45b4830d1bf353963
- SHA256: e7c0bdc7af86261b9a7cfc1c8e799d6d10bb65249428b5baace1cebc7ab72399
- SHA512: 7609f002c0b9c6b3bbecf4f246d7d98ae5ab39561e689453e064dba8b8d0548c7b9e2e5ec306d030fd03772e8c3d97aa3990090a6f7e327372af301bbb17cf8c
- SSDEEP: 12288:YlaTTFd2g+dmY6hBlE5euSULi0wI7jaErd:aYTFd2gmmja5euSU2rIiErd
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (15 IoCs)

  description                        pid   Process       procid_target
  PID 2476 wrote to memory of 2032   2476  gR0Jd24.exe   29
  PID 2476 wrote to memory of 2032   2476  gR0Jd24.exe   29
  PID 2476 wrote to memory of 2032   2476  gR0Jd24.exe   29
  PID 2476 wrote to memory of 1824   2476  gR0Jd24.exe   30
  PID 2476 wrote to memory of 1824   2476  gR0Jd24.exe   30
  PID 2476 wrote to memory of 1824   2476  gR0Jd24.exe   30
  PID 1824 wrote to memory of 1528   1824  cmd.exe       31
  PID 1824 wrote to memory of 1528   1824  cmd.exe       31
  PID 1824 wrote to memory of 1528   1824  cmd.exe       31
  PID 1824 wrote to memory of 1564   1824  cmd.exe       32
  PID 1824 wrote to memory of 1564   1824  cmd.exe       32
  PID 1824 wrote to memory of 1564   1824  cmd.exe       32
  PID 1824 wrote to memory of 1360   1824  cmd.exe       33
  PID 1824 wrote to memory of 1360   1824  cmd.exe       33
  PID 1824 wrote to memory of 1360   1824  cmd.exe       33
Processes (process tree; indentation shows parent/child depth)
- C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe"
  PID: 2476
  Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c COLOR 0b
    PID: 2032
  - C:\Windows\system32\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    PID: 1824
    Suspicious use of WriteProcessMemory
    - C:\Windows\system32\certutil.exe
      command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe" MD5
      PID: 1528
    - C:\Windows\system32\find.exe
      command line: find /i /v "md5"
      PID: 1564
    - C:\Windows\system32\find.exe
      command line: find /i /v "certutil"
      PID: 1360