Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 08/12/2023, 02:23
Behavioral task: behavioral1
- Sample: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
- Resource: win10v2004-20231127-en
General
- Target: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
- Size: 903KB
- MD5: 2083b5d00811bbe0511bae9558aaafa5
- SHA1: 751894715369037f8219bf7be2435c3f5e27e78f
- SHA256: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4
- SHA512: f683bdc6498973205bfff8e4727ecfe4871b3ccf7999267a1b84a538c007bb31355415e9deb367a2160b46b8311ac6fdb080fe8d4cb6b4481826a9cdc435f2ed
- SSDEEP: 12288:4Gd4qIuUY0lW/+0d7dG1lFlWcYT70pxnnaaoawiRVcTqSA+9rZNrI0AilFEvxHv7:8qd4MROxnFrLqrZlI0AilFEvxHicKe
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | process | procid_target
  PID 2580 wrote to memory of 1900 | 2580 | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe | 29
  PID 2580 wrote to memory of 1900 | 2580 | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe | 29
  PID 2580 wrote to memory of 1900 | 2580 | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe | 29
  PID 1900 wrote to memory of 2712 | 1900 | csc.exe | 30
  PID 1900 wrote to memory of 2712 | 1900 | csc.exe | 30
  PID 1900 wrote to memory of 2712 | 1900 | csc.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
  "C:\Users\Admin\AppData\Local\Temp\b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2580
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
    "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cspxp0db.cmdline"
    - Suspicious use of WriteProcessMemory
    PID: 1900
    - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES43F4.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC43F3.tmp"
      PID: 2712
Network
MITRE ATT&CK Matrix
Downloads