Analysis
max time kernel: 120s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 12:57
Behavioral task behavioral1
Sample: 9374ca415443e99ad29fd646b4ab6312.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 9374ca415443e99ad29fd646b4ab6312.exe
Resource: win10v2004-20231215-en
General
Target: 9374ca415443e99ad29fd646b4ab6312.exe
Size: 353KB
MD5: 9374ca415443e99ad29fd646b4ab6312
SHA1: c3ac1b6fbd17eef29158ddce3455c1789e8617f4
SHA256: 898b92b4faaa6403e96d7e4177990d62e59e734fb02be83a7de654b428879a9c
SHA512: 49878aa18d83adce7ce82e55343e295adade3ba74335d986c9a0a6d76e9323844353e12df27c5933749d95bcfa7ef453c55637c7c04227d90976dcbe94c83538
SSDEEP: 6144:H5xAZ2q3eaisJ3+w9auAB723qd2x2AXXuuVSUnj41/YdxfsLPrPwo+:IaTYuw9aBWeA2L1Unj4VYTfmE
Malware Config
Signatures
Deletes itself (1 IoC)
pid Process
2108 9374ca415443e99ad29fd646b4ab6312.exe
Executes dropped EXE (1 IoC)
pid Process
2108 9374ca415443e99ad29fd646b4ab6312.exe
Loads dropped DLL (1 IoC)
pid Process
2164 9374ca415443e99ad29fd646b4ab6312.exe
resource yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x00000000004F1000-memory.dmp upx
behavioral1/files/0x000d00000001224a-10.dat upx
behavioral1/memory/2164-12-0x0000000002E60000-0x0000000002F51000-memory.dmp upx
Suspicious behavior: RenamesItself (1 IoC)
pid Process
2164 9374ca415443e99ad29fd646b4ab6312.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid Process
2164 9374ca415443e99ad29fd646b4ab6312.exe
2108 9374ca415443e99ad29fd646b4ab6312.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description pid Process procid_target
PID 2164 wrote to memory of 2108 2164 9374ca415443e99ad29fd646b4ab6312.exe 29
PID 2164 wrote to memory of 2108 2164 9374ca415443e99ad29fd646b4ab6312.exe 29
PID 2164 wrote to memory of 2108 2164 9374ca415443e99ad29fd646b4ab6312.exe 29
PID 2164 wrote to memory of 2108 2164 9374ca415443e99ad29fd646b4ab6312.exe 29
Processes
C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe"
PID: 2164
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
    PID: 2108
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 353KB
MD5: 2fd66109b36ab11051002f5e63383f2c
SHA1: c0efadad421b06ba33b274926581be6cd92973c2
SHA256: dce541dc21b7b13268be9fdb5d0381cf2dcda9094f00a84d7b66525db541cfc8
SHA512: 6107435d64324aab465a02d51d184f766229d76f1e7c5d4dc1348c0f0d630e2c24bc16b5ac517b2f5af75a39e497e10f61517d7a285ff6759312daee914e2196