Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 04:22
Behavioral task: behavioral1
  Sample: 63144c6e5b1f3c58af06dccd90a61a8d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 63144c6e5b1f3c58af06dccd90a61a8d.exe
  Resource: win10v2004-20231215-en
General
Target: 63144c6e5b1f3c58af06dccd90a61a8d.exe
Size: 5.1MB
MD5: 63144c6e5b1f3c58af06dccd90a61a8d
SHA1: 9c9e895963d12f0bb879f314835363a17d4b539f
SHA256: d7391ffd76b0e939721aafe1a8e7a10f6393f2656f80c4c2b9ece65137e9df84
SHA512: 2698722e1422cf1817da3d5f2a3bf17efe55390398fa92a7e5c66af9a6c6f485b5a94f0d0172607b0466caf92b2de5be066d1be337402bca56ddfc20ebee6dfc
SSDEEP: 98304:xYws5suGwSxyCMjekTP3rIaCbGK5Iqs3:x0hSxzW8bGK
Malware Config
(none extracted)
Signatures
Deletes itself (1 IoC)
  pid 2668  Process 63144c6e5b1f3c58af06dccd90a61a8d.exe
Executes dropped EXE (1 IoC)
  pid 2668  Process 63144c6e5b1f3c58af06dccd90a61a8d.exe
Loads dropped DLL (1 IoC)
  pid 2420  Process 63144c6e5b1f3c58af06dccd90a61a8d.exe
YARA rule matches (resource / yara_rule)
  behavioral1/memory/2420-0-0x0000000000400000-0x0000000000D9E000-memory.dmp  upx
  behavioral1/files/0x00080000000122c9-14.dat  upx
  behavioral1/files/0x00080000000122c9-11.dat  upx
Suspicious behavior: RenamesItself (1 IoC)
  pid 2420  Process 63144c6e5b1f3c58af06dccd90a61a8d.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2420  Process 63144c6e5b1f3c58af06dccd90a61a8d.exe
  pid 2668  Process 63144c6e5b1f3c58af06dccd90a61a8d.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                                   procid_target
  PID 2420 wrote to memory of 2668     2420  63144c6e5b1f3c58af06dccd90a61a8d.exe      28
  PID 2420 wrote to memory of 2668     2420  63144c6e5b1f3c58af06dccd90a61a8d.exe      28
  PID 2420 wrote to memory of 2668     2420  63144c6e5b1f3c58af06dccd90a61a8d.exe      28
  PID 2420 wrote to memory of 2668     2420  63144c6e5b1f3c58af06dccd90a61a8d.exe      28
Processes
1. C:\Users\Admin\AppData\Local\Temp\63144c6e5b1f3c58af06dccd90a61a8d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\63144c6e5b1f3c58af06dccd90a61a8d.exe"
   PID: 2420
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\63144c6e5b1f3c58af06dccd90a61a8d.exe (child of PID 2420)
      Command line: C:\Users\Admin\AppData\Local\Temp\63144c6e5b1f3c58af06dccd90a61a8d.exe
      PID: 2668
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 618KB
  MD5: 1e1a9822cf8e1cf0efa5bb23e6c78024
  SHA1: 49cfd9cc2d9f7a622b0bbaf2f074a0fa85444c06
  SHA256: 5f6dc0964fab35c436af8f1c2552f77c4bb19474190a2e880b6c850eb737068f
  SHA512: 28a81fe8cde9d15cb91701338d733d618a03a7a6cdc3f7aaf9c13ed4fa24e498d723c1faf97f9b6a32f29f0ab2fdd1600c46761b6da95e43877ed0a26e26c680
File 2
  Filesize: 439KB
  MD5: edf5f8c66699466acf1165bede4c2c23
  SHA1: 6836285aec4f51abfb7dd76f5066bb52da652014
  SHA256: ed91030a8fdd2eb62141d1e0f643e9f87fc3ebf0280e592acc69bf5b53fda07f
  SHA512: f6adde8c5e8c6eae1ffec33f62ff0c8d5dc058ed6d79bab8ff6d2a18113049849f19084b39adb6bfaaa5c5ee4440623725dfa32bfb68278d0f891168f086ccfe