Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 05:27
Behavioral task: behavioral1
Sample: 7179c749229f1e2e51765adf39041ccc.exe
Resource: win7-20231215-en
General
Target: 7179c749229f1e2e51765adf39041ccc.exe
Size: 784KB
MD5: 7179c749229f1e2e51765adf39041ccc
SHA1: 1956683210086fa6cbd97f74eecfe8d9a9b5b877
SHA256: 980800d67eab522709c308538d97188b2a089c610fbc8c394054ef174f7512d8
SHA512: 027fbb6704f5fe6831db27f01391ffdc5bb12e4673eec1de487ff3997f4239c1ebd5d15e53b2d14352b5654f0305a272b747f1d4269eaf72e2606fbb33bb7867
SSDEEP: 24576:q1EPlnFTD1kQbKUEsqS7guhWh0i9njh1fBa:qklntJkQOsqiWh0offBa
Malware Config
Signatures
XMRig Miner payload (9 IoCs)
resource                                                                     yara_rule
behavioral1/memory/1060-1-0x0000000000400000-0x0000000000593000-memory.dmp   xmrig
behavioral1/memory/2912-17-0x0000000000400000-0x0000000000593000-memory.dmp  xmrig
behavioral1/memory/2912-19-0x0000000000400000-0x0000000000712000-memory.dmp  xmrig
behavioral1/memory/2912-25-0x0000000003060000-0x00000000031F3000-memory.dmp  xmrig
behavioral1/memory/2912-24-0x0000000000400000-0x0000000000587000-memory.dmp  xmrig
behavioral1/memory/2912-35-0x0000000000400000-0x0000000000587000-memory.dmp  xmrig
behavioral1/memory/2912-34-0x00000000005A0000-0x000000000071F000-memory.dmp  xmrig
behavioral1/memory/1060-16-0x0000000003100000-0x0000000003412000-memory.dmp  xmrig
behavioral1/memory/1060-15-0x0000000000400000-0x0000000000593000-memory.dmp  xmrig

Deletes itself (1 IoC)
pid   Process
2912  7179c749229f1e2e51765adf39041ccc.exe

Executes dropped EXE (1 IoC)
pid   Process
2912  7179c749229f1e2e51765adf39041ccc.exe

Loads dropped DLL (1 IoC)
pid   Process
1060  7179c749229f1e2e51765adf39041ccc.exe

resource                                                                     yara_rule
behavioral1/memory/1060-0-0x0000000000400000-0x0000000000712000-memory.dmp   upx
behavioral1/files/0x000d000000012246-10.dat                                  upx
behavioral1/files/0x000d000000012246-14.dat                                  upx

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
1060  7179c749229f1e2e51765adf39041ccc.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
1060  7179c749229f1e2e51765adf39041ccc.exe
2912  7179c749229f1e2e51765adf39041ccc.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 1060 wrote to memory of 2912  1060  7179c749229f1e2e51765adf39041ccc.exe  17
PID 1060 wrote to memory of 2912  1060  7179c749229f1e2e51765adf39041ccc.exe  17
PID 1060 wrote to memory of 2912  1060  7179c749229f1e2e51765adf39041ccc.exe  17
PID 1060 wrote to memory of 2912  1060  7179c749229f1e2e51765adf39041ccc.exe  17
Processes
1. C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe (PID 1060)
   Command line: "C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe (PID 2912)
      Command line: C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 29KB
MD5: 15472ddc4d187b9e0a4c52600649ed2d
SHA1: 93805803974779bf7e9c593de14f4a40019489e5
SHA256: 4207ac97bd17c3266758a54f24189a6f7a0552fb985836747aed416cca30f584
SHA512: c038adfdaddcf723c81de7792280bf2fe65922cf46b69871687bcf4c1d287d7cfe3e4fa15380614943b78495c22307f6f98981b77a5aedcd1e92618f997674ec

Filesize: 1KB
MD5: da21e3cbbefce7d98545db6532341be3
SHA1: 9536b148393c57638a284df27bcd5a0a7be8bf88
SHA256: 8ea6eefdaf34d041a4abb81aee21e65a657a0cebb8db3bbc4532b99d86966d45
SHA512: cb473e19192d2abac9cd7c1965a29c5af55aea519937d528e4a38cc0466ef4b016dddaafc43b33f379303ab4dd32a985783e0db811ac7b22100a06bc1433bba3