Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
205s -
max time network
37s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
15/10/2023, 17:51
Static task
static1
Behavioral task
behavioral1
Sample
1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe
Resource
win10v2004-20230915-en
General
-
Target
1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe
-
Size
359KB
-
MD5
1ab3e99c689db8dedd0ceac7f63ba5c0
-
SHA1
7eda1fb778070c4c6e13ca1d5d2f608b7a468234
-
SHA256
9233bd72f4c869842e7c124a63d2a7b857c2d93b09af759536bd598eb309c2ca
-
SHA512
17e4e1f9bee2339dbe1ccc3284c4a21c02677750b0fd9e53c385654d125f76633fe4b7f2d946cb2f9ae155077a8bce1a8ba4365d7c6197647b9ab079c8d211c3
-
SSDEEP
6144:UF67gxpNxM1EtxqRML6Xr4q/MgVz4Y5gDKK0LHYtVzbOJo:UFg+cmxpkr4QvVzd5gz0Lexj
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2656 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe -
Loads dropped DLL 1 IoCs
pid Process 2792 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2656 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2792 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2656 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2792 wrote to memory of 2656 2792 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe 29 PID 2792 wrote to memory of 2656 2792 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe 29 PID 2792 wrote to memory of 2656 2792 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe 29 PID 2792 wrote to memory of 2656 2792 1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe"C:\Users\Admin\AppData\Local\Temp\1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2792 -
C:\Users\Admin\AppData\Local\Temp\1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exeC:\Users\Admin\AppData\Local\Temp\1ab3e99c689db8dedd0ceac7f63ba5c0_exe32_JC.exe2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of UnmapMainImage
PID:2656
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
359KB
MD5e0eae2b4a91e638e436f9a7135e897db
SHA13a19df25ea402959d770b01417714fea12be8525
SHA256812475a2e42b25af235eb1cd3b1706a4f50cf0b19c56deffae79e4ac5e429d30
SHA512878c0cb8247755a74ceaabe92f8a69b248b1b40e74d419a196e6f8ee3dc219e6a2f12e26e8601ae7a2207448f67557df7238c24c415788f5b4ca228ee487c005
-
Filesize
359KB
MD5e0eae2b4a91e638e436f9a7135e897db
SHA13a19df25ea402959d770b01417714fea12be8525
SHA256812475a2e42b25af235eb1cd3b1706a4f50cf0b19c56deffae79e4ac5e429d30
SHA512878c0cb8247755a74ceaabe92f8a69b248b1b40e74d419a196e6f8ee3dc219e6a2f12e26e8601ae7a2207448f67557df7238c24c415788f5b4ca228ee487c005