Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
19/12/2023, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
af92a59c5f110d0cbb84e33e34f31950.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
af92a59c5f110d0cbb84e33e34f31950.exe
Resource
win10v2004-20231215-en
General
-
Target
af92a59c5f110d0cbb84e33e34f31950.exe
-
Size
1.9MB
-
MD5
af92a59c5f110d0cbb84e33e34f31950
-
SHA1
0b1d8085edf49188529cb950aeb0f0204422bbe7
-
SHA256
f456c4258e3abb2cd8ed7872fb8e10515bf3838a31b21aad374e1bd28a1c5f49
-
SHA512
b080d133f844fe92d3f3b51aa5bfc13a0c7d09b8c56c9e8fc75f86da76f98496bfcfce9bea84df853a51fb03e63b94c7198fd8e3e4f46cefa5c19971926608c6
-
SSDEEP
49152:Qoa1taC070dWx8YAQdeC/MgqL9Q+2Ev4Q:Qoa1taC04OzS99t7
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2200 7E83.tmp -
Executes dropped EXE 1 IoCs
pid Process 2200 7E83.tmp -
Loads dropped DLL 1 IoCs
pid Process 2008 af92a59c5f110d0cbb84e33e34f31950.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2008 wrote to memory of 2200 2008 af92a59c5f110d0cbb84e33e34f31950.exe 28 PID 2008 wrote to memory of 2200 2008 af92a59c5f110d0cbb84e33e34f31950.exe 28 PID 2008 wrote to memory of 2200 2008 af92a59c5f110d0cbb84e33e34f31950.exe 28 PID 2008 wrote to memory of 2200 2008 af92a59c5f110d0cbb84e33e34f31950.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe"C:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Users\Admin\AppData\Local\Temp\7E83.tmp"C:\Users\Admin\AppData\Local\Temp\7E83.tmp" --splashC:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe B7DFE7E9B787BA8BFFAE2844FCE383AC3CC7DCE4EACB3D5EFB4E02141A96DE07EDC71C8661D82E515841A46DA6558C6A24B56D504E3D993EAABF5C6CBFDACA152⤵
- Deletes itself
- Executes dropped EXE
PID:2200
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.9MB
MD57802815bc6b526e1be9a191c7f65dbd4
SHA10982f2564177468b6aaae534fb8a3595575f9ac9
SHA2564697efcd838ddd67d52bb4e4e9729e7b670de8909bef75a7bfca991740b91607
SHA51260ef2598cced97ba8f438e932d1da1943b8194077cd0797f2efc3c46886a8ea9a2dcfd27435541e56f645821c37ef9a903da86193d035f51c78c555de671e194