Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 07/11/2023, 15:58
Static task: static1
Behavioral task: behavioral1
  Sample: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe
  Resource: win10v2004-20231020-en
General
Target: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe
Size: 508KB
MD5: 38d29433e944ba129fa1457c564ddfaf
SHA1: 77b33b7ad847ea6d1405c7909a2ce7bcba132f3d
SHA256: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e
SHA512: 08312449987c0fa3f5ac68fc0779763f6bc8932a5037d572d440a935ef037eddd8027000c41c2153fb146a4e5241b32e1bc44a80e3792a005023388d2529bf4b
SSDEEP: 6144:vW0J07EHxsWKKCbrZXDbI33z5P/kjguInr39tAOLPvI1ILz:O4CWKKCrZTGF/k8uMxtxPvvz
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 1028; Process: cmd.exe
Drops file in Windows directory (1 IoCs)
  description: File opened for modification; ioc: C:\Windows\tkjsidfsd; Process: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (60 IoCs)
  pid: 2224; Process: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe (the same entry is repeated for all 60 IoCs)
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2224 wrote to memory of 1028; pid: 2224; Process: fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe; procid_target: 30 (the same entry is repeated for all 4 IoCs)
Processes
1. C:\Users\Admin\AppData\Local\Temp\fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe"
   - Drops file in Windows directory
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   PID: 2224
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe"
      - Deletes itself
      PID: 1028
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 48B
  MD5: 57607e13338947f3b8cfd2313007a5d5
  SHA1: 7d342df8a4c95b62b345f10245c98aa85e96a9d7
  SHA256: 11376cd62b04c22fd8ef61e677b1b4cd2a4e4a2b5249b379f2f4af90d55d363d
  SHA512: 2654d749227e46bbb3d93df630a7c81f9cda54b3e378d56c0af7d8317831e31a23c17e3ceb3ff1820eac3dd03a968c657e6d97ce7ce1c34c561c87968be54a07
Filesize: 118B
  MD5: 84f44d213fdf9cf5848ed781b94a0e00
  SHA1: 8528e948e8fbb0171e6bf9d55f9a7356a12fb1f9
  SHA256: 93d8368c91697272d899be1a0f5ab34a172b8d98dc7381e610be02fbc46edc89
  SHA512: f944bcc0a4a1d7f9c3594228e2c9caa15f5217e16352f797052f1c0969c0b4d5ce1b999b9657bc561fc03680417eda54be177668d5599f5aaf031d0bba26f172