Analysis
- max time kernel: 141s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
- submitted: 12/10/2023, 10:58
Static task
static1
Behavioral task
behavioral1
Sample
bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
Resource
win10v2004-20230915-en
General
- Target: bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
- Size: 12.1MB
- MD5: 8f3b46fd4f767c402a9a8cf1005ce625
- SHA1: 79b3952cb97c1ab4ba0be6d2bc33f127a6632236
- SHA256: bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866
- SHA512: 0a7cde34048db7a595dd66573b995fc0c3bb7f4d55cbee7c0ffb5636030ea73941772382ffeaa730dc821def0b5df42250b9abf3811e14651b31b9e3e57df71a
- SSDEEP: 393216:FQK3CpW2+3c+7yNUGTIqaGBwldX07lh9Z:FwvA78UGT9BY+7lhT
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx 4 IoCs
  pid Process
  2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
  2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
  2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
  2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
- Suspicious use of WriteProcessMemory 8 IoCs
  description pid Process procid_target
  PID 2232 wrote to memory of 1072 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 28
  PID 2232 wrote to memory of 1072 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 28
  PID 2232 wrote to memory of 1072 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 28
  PID 2232 wrote to memory of 1072 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 28
  PID 2232 wrote to memory of 1420 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 29
  PID 2232 wrote to memory of 1420 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 29
  PID 2232 wrote to memory of 1420 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 29
  PID 2232 wrote to memory of 1420 2232 bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe 29
Processes
- C:\Users\Admin\AppData\Local\Temp\bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe
  "C:\Users\Admin\AppData\Local\Temp\bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exe"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2232
  - C:\Windows\SysWOW64\cmd.exe
    cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.exe"
    PID:1072
  - C:\Windows\SysWOW64\cmd.exe
    cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.dll"
    PID:1420
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\bc3a8665452f01ea648364c23d9446ccb020661a796f84f7eea76687d58cd866.exepack.tmp
Filesize 2KB
MD5 74a22013288134310071232f3e4db83d
SHA1 667203336ae831ea304072b10f566f21f4821f73
SHA256 8ffdfa2011d76ffd61d0a36157aebf65829150c8d7bcfd2ba71b971a76d38c15
SHA512 ba8309cef3931084b69a239dfe11d8b940de80347d2519703b9d7d520cd0ea96489ade1a789c05fe0e379c8ab14976b53bd469a86f5b994cd8ac0c2ba476b1b2