Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 19/12/2023, 14:39
Static task
static1
Behavioral task
behavioral1
Sample: 448dccf3153fe203f575be3b2e562c20.exe
Resource: win7-20231129-en
Behavioral task
behavioral2
Sample: 448dccf3153fe203f575be3b2e562c20.exe
Resource: win10v2004-20231201-en
General
Target: 448dccf3153fe203f575be3b2e562c20.exe
Size: 32KB
MD5: 448dccf3153fe203f575be3b2e562c20
SHA1: d1d93298e67226082f96a09b83dcbf06cbbf63d7
SHA256: 9a0c237f5d65badeb07c53bf58c486ed81c8e31f1867969b6d936e509064be80
SHA512: 28bc0d503e826d428f87d901df24fb8fa350bf116093f0f49fdf0f8e0e433ce35cd6a6c00513ffe7cef1e2bfe004ef67b72659dbc27f89331d01c2ec95846194
SSDEEP: 768:AzCzDHjqcg3fwgpYK/k59zck/fDBmaXjW+D9191B:fM3fiXjWq9vb
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2212  plote.exe
Loads dropped DLL (1 IoC)
  pid 1836  448dccf3153fe203f575be3b2e562c20.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage (2 IoCs)
  pid 1836  448dccf3153fe203f575be3b2e562c20.exe
  pid 2212  plote.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        | pid  | Process                               | procid_target
  PID 1836 wrote to memory of 2212   | 1836 | 448dccf3153fe203f575be3b2e562c20.exe  | 28
  PID 1836 wrote to memory of 2212   | 1836 | 448dccf3153fe203f575be3b2e562c20.exe  | 28
  PID 1836 wrote to memory of 2212   | 1836 | 448dccf3153fe203f575be3b2e562c20.exe  | 28
  PID 1836 wrote to memory of 2212   | 1836 | 448dccf3153fe203f575be3b2e562c20.exe  | 28
Processes
C:\Users\Admin\AppData\Local\Temp\448dccf3153fe203f575be3b2e562c20.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\448dccf3153fe203f575be3b2e562c20.exe"
  PID: 1836
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\plote.exe (child of PID 1836)
    command line: "C:\Users\Admin\AppData\Local\Temp\plote.exe"
    PID: 2212
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
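The Signatures and Processes sections above give the raw facts: PID 1836 (the sample) launched the dropped plote.exe as PID 2212, wrote to its memory four times, and the UnmapMainImage signature fired on both processes. The following is an added example, not tria.ge's own detection code, that correlates those hits into a candidate parent-to-child injection finding for an analyst to confirm in the API trace. The Event record layout, the PROCESS_TREE mapping and the correlation rule are assumptions made for illustration; the event list is transcribed from this report.

```python
"""Correlate sandbox signature hits into a parent-to-child injection pattern.

Added example, not tria.ge code. Event records are transcribed from the
Signatures and Processes sections of this report; the Event structure and
the correlation rule are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE = "448dccf3153fe203f575be3b2e562c20.exe"
DROPPED = "plote.exe"


@dataclass(frozen=True)
class Event:
    signature: str                    # signature name as printed in the report
    pid: int                          # process the signature fired on
    process: str                      # image name of that process
    target_pid: Optional[int] = None  # only set for cross-process memory writes


# Transcribed from the report (constructed structure, values from the page).
REPORT_EVENTS: List[Event] = [
    Event("Loads dropped DLL", 1836, SAMPLE),
    Event("Executes dropped EXE", 2212, DROPPED),
    Event("Suspicious use of UnmapMainImage", 1836, SAMPLE),
    Event("Suspicious use of UnmapMainImage", 2212, DROPPED),
] + [Event("Suspicious use of WriteProcessMemory", 1836, SAMPLE, target_pid=2212)] * 4

# Child -> parent, from the Processes tree (plote.exe runs under PID 1836).
PROCESS_TREE: Dict[int, int] = {2212: 1836}


def find_hollowing_candidates(events: List[Event], tree: Dict[int, int]) -> List[Tuple[int, int, int]]:
    """Return (parent_pid, child_pid, write_count) for every pair where a parent
    wrote into the memory of a child it spawned and the UnmapMainImage signature
    fired on the parent or on that child. The report does not say which image
    was unmapped, so this yields candidates to verify, not a verdict."""
    writes: Dict[Tuple[int, int], int] = defaultdict(int)
    unmapped = set()
    for ev in events:
        if ev.signature == "Suspicious use of WriteProcessMemory" and ev.target_pid is not None:
            writes[(ev.pid, ev.target_pid)] += 1
        elif ev.signature == "Suspicious use of UnmapMainImage":
            unmapped.add(ev.pid)
    candidates = []
    for (src, dst), count in sorted(writes.items()):
        if tree.get(dst) == src and (src in unmapped or dst in unmapped):
            candidates.append((src, dst, count))
    return candidates


def dropped_children(events: List[Event], tree: Dict[int, int]) -> List[int]:
    """PIDs flagged 'Executes dropped EXE' whose parent appears in the tree,
    i.e. the dropper-to-payload link the Processes section shows."""
    return sorted(ev.pid for ev in events
                  if ev.signature == "Executes dropped EXE" and ev.pid in tree)


def summarize(events: List[Event], tree: Dict[int, int]) -> List[str]:
    """Human-readable triage lines built from the two correlations above."""
    lines = []
    for parent, child, n in find_hollowing_candidates(events, tree):
        lines.append(f"PID {parent} wrote to child PID {child} {n} time(s) and "
                     f"UnmapMainImage fired in the pair: process hollowing candidate")
    for child in dropped_children(events, tree):
        lines.append(f"PID {child} is a dropped EXE launched by PID {tree[child]}")
    return lines


if __name__ == "__main__":
    for line in summarize(REPORT_EVENTS, PROCESS_TREE):
        print(line)
```

The rule deliberately requires the parent-child relationship from the process tree, not just any cross-process write; a write into an unrelated process with no unmap would be a different pattern (classic remote injection) and is not reported here.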
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 32KB
MD5: 381b15ea48f1e6d6fcefa9c5221265cc
SHA1: 12e77f5ef7a614cf4a20774ed418539aee6ce029
SHA256: 817dd84720756d9d28af457af7d2821f04cb3d8feff7659abe506acf4f6e14bf
SHA512: c3e49842fc4bc1d9563ad884196e97d24c9bad7bacaf06c9b7d28fa0bece67bd7a284f2e7232bcfbab5f13b917b53e916782c8a158221e52964e3608f1f3687d