Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 12/10/2023, 18:53
Static task: static1
Behavioral task: behavioral1
- Sample: windowsdesktop-runtime-6.0.21-win-x64.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: windowsdesktop-runtime-6.0.21-win-x64.exe
- Resource: win10v2004-20230915-en
General
- Target: windowsdesktop-runtime-6.0.21-win-x64.exe
- Size: 54.7MB
- MD5: 1a6d60add2d112dd73e83fb46dca474d
- SHA1: 8b374a54f508cfdb8c8176bfaef96f37edf7170b
- SHA256: aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545
- SHA512: 49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79
- SSDEEP: 786432:TrS2qTgXes/qf9pmXoOz5imhfmgnAvgOLNsLKZCTpWecUlfe4X+wxCEGe9DdoAdz:6LoraD1Oz5imhfOL3WGA7QoaW//T
Malware Config
Signatures
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Executes dropped EXE (1 IoC)
  pid   Process
  1704  windowsdesktop-runtime-6.0.21-win-x64.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  1720  windowsdesktop-runtime-6.0.21-win-x64.exe
  1704  windowsdesktop-runtime-6.0.21-win-x64.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process                                    procid_target
  PID 1720 wrote to memory of 1704   1720  windowsdesktop-runtime-6.0.21-win-x64.exe  28
  (the same entry is recorded 7 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.21-win-x64.exe (PID: 1720)
  Command line: "C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.21-win-x64.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\Temp\{20CBDF4E-F9B6-48EA-A4BB-96B1A1F1B4F7}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe (PID: 1704)
    Command line: "C:\Windows\Temp\{20CBDF4E-F9B6-48EA-A4BB-96B1A1F1B4F7}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
    - Executes dropped EXE
    - Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Windows\Temp\{20CBDF4E-F9B6-48EA-A4BB-96B1A1F1B4F7}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
  Filesize: 610KB
  MD5: ff67a2a55ed6998ab527273d547fc00f
  SHA1: 852712b95ca05de8f336f07ff9ac672281b91215
  SHA256: 71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9
  SHA512: 48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9
- Filesize: 4KB
  MD5: 9eb0320dfbf2bd541e6a55c01ddc9f20
  SHA1: eb282a66d29594346531b1ff886d455e1dcd6d99
  SHA256: 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
  SHA512: 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
- Filesize: 197KB
  MD5: 4356ee50f0b1a878e270614780ddf095
  SHA1: b5c0915f023b2e4ed3e122322abc40c4437909af
  SHA256: 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
  SHA512: b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691