Analysis
max time kernel: 133s
max time network: 146s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 19/12/2023, 14:40
Static task
static1
Behavioral task
behavioral1
Sample: 44dc9df5f92cbe0388491f4de6ba350f.exe
Resource: win7-20231215-en
Behavioral task
behavioral2
Sample: 44dc9df5f92cbe0388491f4de6ba350f.exe
Resource: win10v2004-20231215-en
General
Target: 44dc9df5f92cbe0388491f4de6ba350f.exe
Size: 14KB
MD5: 44dc9df5f92cbe0388491f4de6ba350f
SHA1: 2a423a5dae28085c617a6390c510271b070c0aa7
SHA256: 2673a50b4c65a34ec024b9f62d53cdf7bfa6f86518fa61f1bcbd0fa19a0da795
SHA512: cabc33ba472bdd2d6d08903cc4dd02d055d26b708fcc2ff4ec0e30e90963e67f08d7b0a3744ba30e155c8ff2c0c63528dfdeed79f70ace1fa392a22a0dbb5e73
SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhR0G:hDXWipuE+K3/SSHgx4G
Malware Config
Signatures
- Executes dropped EXE (6 IoCs)
  PID   Process
  2844  DEM54F3.exe
  2656  DEMAC08.exe
  1172  DEM187.exe
  1396  DEM57D1.exe
  2800  DEMAE0B.exe
  1716  DEM4D1.exe
- Loads dropped DLL (6 IoCs)
  PID   Process
  1692  44dc9df5f92cbe0388491f4de6ba350f.exe
  2844  DEM54F3.exe
  2656  DEMAC08.exe
  1172  DEM187.exe
  1396  DEM57D1.exe
  2800  DEMAE0B.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (24 IoCs)
  The report records each parent-to-child write four times (24 events for six parent/child pairs); the table below lists each pair once with its event count.
  description                        pid   Process                               procid_target  events
  PID 1692 wrote to memory of 2844   1692  44dc9df5f92cbe0388491f4de6ba350f.exe  29             4
  PID 2844 wrote to memory of 2656   2844  DEM54F3.exe                           33             4
  PID 2656 wrote to memory of 1172   2656  DEMAC08.exe                           35             4
  PID 1172 wrote to memory of 1396   1172  DEM187.exe                            37             4
  PID 1396 wrote to memory of 2800   1396  DEM57D1.exe                           40             4
  PID 2800 wrote to memory of 1716   2800  DEMAE0B.exe                           41             4
Processes
Each process below spawns the next; depth 1 is the submitted sample, depth 7 the last dropped executable. Every image runs from C:\Users\Admin\AppData\Local\Temp\.
1. C:\Users\Admin\AppData\Local\Temp\44dc9df5f92cbe0388491f4de6ba350f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\44dc9df5f92cbe0388491f4de6ba350f.exe"
   PID: 1692
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\DEM54F3.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\DEM54F3.exe"
      PID: 2844
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\DEMAC08.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\DEMAC08.exe"
         PID: 2656
         - Executes dropped EXE
         - Loads dropped DLL
         - Suspicious use of WriteProcessMemory
         4. C:\Users\Admin\AppData\Local\Temp\DEM187.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\DEM187.exe"
            PID: 1172
            - Executes dropped EXE
            - Loads dropped DLL
            - Suspicious use of WriteProcessMemory
            5. C:\Users\Admin\AppData\Local\Temp\DEM57D1.exe
               Command line: "C:\Users\Admin\AppData\Local\Temp\DEM57D1.exe"
               PID: 1396
               - Executes dropped EXE
               - Loads dropped DLL
               - Suspicious use of WriteProcessMemory
               6. C:\Users\Admin\AppData\Local\Temp\DEMAE0B.exe
                  Command line: "C:\Users\Admin\AppData\Local\Temp\DEMAE0B.exe"
                  PID: 2800
                  - Executes dropped EXE
                  - Loads dropped DLL
                  - Suspicious use of WriteProcessMemory
                  7. C:\Users\Admin\AppData\Local\Temp\DEM4D1.exe
                     Command line: "C:\Users\Admin\AppData\Local\Temp\DEM4D1.exe"
                     PID: 1716
                     - Executes dropped EXE
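The WriteProcessMemory table and the process list above together describe a seven-stage chain in which each executable drops and runs the next from the same Temp directory. The script below is an added example (not part of the report or of the sandbox's own tooling) that reconstructs that chain from the flattened table: it collapses the four identical events the sandbox logs per parent/child pair, follows the parent-to-child edges from the submitted sample's PID, and counts how many consecutive hops are Temp-to-Temp executions. The input rows and the PID-to-image map are constructed from this report; the detection threshold (three Temp-to-Temp hops) is an assumed rule, not a value from the page.

```python
import re
from collections import defaultdict

# Constructed input: the 24 rows of this report's "Suspicious use of
# WriteProcessMemory" table, one event per line, in the order shown on the page.
WPM_EVENTS = """\
PID 1692 wrote to memory of 2844 1692 44dc9df5f92cbe0388491f4de6ba350f.exe 29
PID 1692 wrote to memory of 2844 1692 44dc9df5f92cbe0388491f4de6ba350f.exe 29
PID 1692 wrote to memory of 2844 1692 44dc9df5f92cbe0388491f4de6ba350f.exe 29
PID 1692 wrote to memory of 2844 1692 44dc9df5f92cbe0388491f4de6ba350f.exe 29
PID 2844 wrote to memory of 2656 2844 DEM54F3.exe 33
PID 2844 wrote to memory of 2656 2844 DEM54F3.exe 33
PID 2844 wrote to memory of 2656 2844 DEM54F3.exe 33
PID 2844 wrote to memory of 2656 2844 DEM54F3.exe 33
PID 2656 wrote to memory of 1172 2656 DEMAC08.exe 35
PID 2656 wrote to memory of 1172 2656 DEMAC08.exe 35
PID 2656 wrote to memory of 1172 2656 DEMAC08.exe 35
PID 2656 wrote to memory of 1172 2656 DEMAC08.exe 35
PID 1172 wrote to memory of 1396 1172 DEM187.exe 37
PID 1172 wrote to memory of 1396 1172 DEM187.exe 37
PID 1172 wrote to memory of 1396 1172 DEM187.exe 37
PID 1172 wrote to memory of 1396 1172 DEM187.exe 37
PID 1396 wrote to memory of 2800 1396 DEM57D1.exe 40
PID 1396 wrote to memory of 2800 1396 DEM57D1.exe 40
PID 1396 wrote to memory of 2800 1396 DEM57D1.exe 40
PID 1396 wrote to memory of 2800 1396 DEM57D1.exe 40
PID 2800 wrote to memory of 1716 2800 DEMAE0B.exe 41
PID 2800 wrote to memory of 1716 2800 DEMAE0B.exe 41
PID 2800 wrote to memory of 1716 2800 DEMAE0B.exe 41
PID 2800 wrote to memory of 1716 2800 DEMAE0B.exe 41
"""

# Constructed from this report's Processes section: PID -> image path.
PROCESSES = {
    1692: r"C:\Users\Admin\AppData\Local\Temp\44dc9df5f92cbe0388491f4de6ba350f.exe",
    2844: r"C:\Users\Admin\AppData\Local\Temp\DEM54F3.exe",
    2656: r"C:\Users\Admin\AppData\Local\Temp\DEMAC08.exe",
    1172: r"C:\Users\Admin\AppData\Local\Temp\DEM187.exe",
    1396: r"C:\Users\Admin\AppData\Local\Temp\DEM57D1.exe",
    2800: r"C:\Users\Admin\AppData\Local\Temp\DEMAE0B.exe",
    1716: r"C:\Users\Admin\AppData\Local\Temp\DEM4D1.exe",
}

# One table row: "PID <src> wrote to memory of <dst> <src> <src image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)$")


def collapse_events(text):
    """Map (src_pid, dst_pid, src_image, procid_target) -> number of identical rows.

    The sandbox logs the same parent->child write several times during process
    creation; collapsing leaves one edge per parent/child pair.
    """
    counts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            key = (int(m[1]), int(m[2]), m[3], int(m[4]))
            counts[key] = counts.get(key, 0) + 1
    return counts


def build_chain(edges, root_pid):
    """Walk src->dst edges from root_pid and return the PIDs in execution order."""
    children = defaultdict(list)
    for src, dst, _, _ in edges:
        children[src].append(dst)
    chain, cur = [root_pid], root_pid
    while children[cur]:
        nxt = children[cur][0]
        if nxt in chain:  # guard against a cyclic or malformed table
            break
        chain.append(nxt)
        cur = nxt
    return chain


TEMP_MARKER = "\\appdata\\local\\temp\\"


def temp_hops(chain, processes):
    """Count parent->child hops where both images live under %LOCALAPPDATA%\\Temp."""
    hops = 0
    for parent, child in zip(chain, chain[1:]):
        if (TEMP_MARKER in processes[parent].lower()
                and TEMP_MARKER in processes[child].lower()):
            hops += 1
    return hops


def is_drop_and_execute_chain(chain, processes, min_hops=3):
    """Assumed detection rule: at least min_hops consecutive Temp-to-Temp executions."""
    return temp_hops(chain, processes) >= min_hops


def image_name(path):
    return path.rsplit("\\", 1)[-1]


if __name__ == "__main__":
    edges = collapse_events(WPM_EVENTS)
    chain = build_chain(edges, 1692)
    print(" -> ".join(str(pid) + ":" + image_name(PROCESSES[pid]) for pid in chain))
    print("temp-to-temp hops:", temp_hops(chain, PROCESSES))
    print("drop-and-execute chain:", is_drop_and_execute_chain(chain, PROCESSES))
```

For this report the chain resolves to 1692 -> 2844 -> 2656 -> 1172 -> 1396 -> 2800 -> 1716 with six Temp-to-Temp hops, so the rule fires. In a live environment the same logic runs over Sysmon event ID 1 (parent and child image paths) rather than sandbox output; the threshold exists because a single Temp-to-Temp launch is common for legitimate installers, while a chain of several is not.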
Network
MITRE ATT&CK Enterprise v15
Downloads
Six dropped files, each 14KB (the same size as the submitted sample) and each with a distinct hash.
- Filesize: 14KB
  MD5: 90e4245374185b1ca02d0c09c2741cbd
  SHA1: 24c71b66ed9da48d8176eb04fde532d4d5bfadf0
  SHA256: e2b6c2ad38665fecc8f3189bfa4340b74b04f341e64acef010cd619fa328e563
  SHA512: dc0bc261c7cc995b5bb55ced6231fcc18bd205fef1ebc97d4c4d52334fb4b8cdeac1613f24d2983902ce7dfdb4e37e54af83e05044338d01ce618364af635a1a
- Filesize: 14KB
  MD5: c00e1a87e91bddbd94608b81f8cc0d3f
  SHA1: 33fd61d99c6a7378f78c5b501e85f33c0c71bed7
  SHA256: 81d12cbd6afe90714d0368bec72b2b9dd97b32ba28a459eba43de2ed6bf6a310
  SHA512: 1606c5cbe408125896f20577b0e36e2138591c96a1c85d73526d05fdb02f23c404c6a255c0c204f801d31181483bd73b2ce6491ea9433c41b22a54d8d2578365
- Filesize: 14KB
  MD5: 4825b7ebc39bcb2120e2fa4ec0de3ad5
  SHA1: 95e8cba88778008b4dcb417564dc6e841e07d1dc
  SHA256: 66e34763dd8a71b5ede805e40ae209b272df39fc3f9a6058482f413ec3afbc3c
  SHA512: 64f5b060fa28ad5000f9023bb6fc1373cbe6c18e87fc10c714f87d52b7521f65b49b10c37efa8d70f960c18b1d8c3e05711182a230347aa32e968eaebd5609f9
- Filesize: 14KB
  MD5: fe3f9114b8eab108a042cc9ab048929c
  SHA1: 5c7f5f66bfdd7baeb95239c1c21a3b7d4e8aca2b
  SHA256: 40696365a091221fde65d1b62eec67e520d87e3fa160f0d9d3a09464e8f975d3
  SHA512: 4bde18ff57fd20bcad24a8de065d6001c298b6c26dd22e8d117ee508ccf5925326a43e088adbab316d5bc28ea5ee3e95dce921b7e2075575b0a3e0aefe26c979
- Filesize: 14KB
  MD5: 893f65e044ba2156c1744b6246188f0e
  SHA1: 2a5df321cc57ce04b31fe3a174ca45eb14fdbba9
  SHA256: f96491f71839c3b383704b1991a8dff6c24f2e16c28023f7c744e74a52dfbcea
  SHA512: 17e2b944fe463b8f0a36c14eb03487d2238aa77edba6bb3dfc3200920a7e47810fe4cb396f406fdc7202d81287d68bb7e4aa7d8d5443f7773b87034ab1ee60ec
- Filesize: 14KB
  MD5: f52122521c52e9b18ed5eb7e7095d89c
  SHA1: cf675368b2cf6f193cd7a6197de82f8e06af87da
  SHA256: 4755fe648fb07df1079da0b18fd25d1788c5f39ae136fef3898c0612e9a0b4fc
  SHA512: a0f51e404e2f91fe6dcbc293a39b3b3d39b3152f0615d3ad3a120cebcb7976edf20b1ff918a8c21227b32b5bd163b29b373c389d8f7a1ab688adbd1c033c6a63