Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
22/12/2023, 14:13
Static task
static1
Behavioral task
behavioral1
Sample
bb20cce9c40afb6ef79aef4d73778211.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
bb20cce9c40afb6ef79aef4d73778211.exe
Resource
win10v2004-20231215-en
General
Target
bb20cce9c40afb6ef79aef4d73778211.exe
Size
1.9MB
MD5
bb20cce9c40afb6ef79aef4d73778211
SHA1
6c07d0704f43dc9c73c909c29f8b0f1aed58d99a
SHA256
489d55e4b4d9464e38e1306c9165ffeab093f8815433928fd101bc8e0bb59a25
SHA512
35a424f9578808814ac551346171ea86351fdf24db9e500b1877bba0bf36d16d6bb02c82633f299a4ca3d54e990e727922f3585a984f8c38f5db4db8f9ff403f
SSDEEP
49152:Qoa1taC070dNliT+RYCqz8+ihFrb39WQS/Pq:Qoa1taC02cqK7z8tF1WQSq
Malware Config
Signatures
Deletes itself (1 IoC)
pid | Process
2524 | FF8.tmp

Executes dropped EXE (1 IoC)
pid | Process
2524 | FF8.tmp

Loads dropped DLL (1 IoC)
pid | Process
2988 | bb20cce9c40afb6ef79aef4d73778211.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2988 wrote to memory of 2524 | 2988 | bb20cce9c40afb6ef79aef4d73778211.exe | 28
PID 2988 wrote to memory of 2524 | 2988 | bb20cce9c40afb6ef79aef4d73778211.exe | 28
PID 2988 wrote to memory of 2524 | 2988 | bb20cce9c40afb6ef79aef4d73778211.exe | 28
PID 2988 wrote to memory of 2524 | 2988 | bb20cce9c40afb6ef79aef4d73778211.exe | 28
Processes
-
Depth 1: C:\Users\Admin\AppData\Local\Temp\bb20cce9c40afb6ef79aef4d73778211.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bb20cce9c40afb6ef79aef4d73778211.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2988
  Depth 2 (child of PID 2988): C:\Users\Admin\AppData\Local\Temp\FF8.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\FF8.tmp" --splash C:\Users\Admin\AppData\Local\Temp\bb20cce9c40afb6ef79aef4d73778211.exe 80B626666672E828C8DF49843758CA679EFF73CE4BA2AF0CA96DA5F027CB130679DCF3E50C16579B5DC5D61DB6CC11D3300284808AFF730FD660128C66A0FEC3
    - Deletes itself
    - Executes dropped EXE
    PID: 2524
-
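The four signatures and the two-process tree above, turned into host-side detection logic. This is an added example and is not part of the Triage report or of Triage's own signature engine. It assumes Sysmon as the telemetry source (event IDs 1, 7, 10, 11 and 23 are Sysmon's ProcessCreate, ImageLoad, ProcessAccess, FileCreate and FileDelete; PROCESS_VM_WRITE = 0x20 is the Windows access right a WriteProcessMemory call needs) and runs the rules over a constructed event list modelled on the report's PIDs and %TEMP% paths. The DLL name dropped.dll is a placeholder, since the report does not name the DLL that PID 2988 loaded, and the svchost.exe and notepad.exe events are invented benign controls.

```python
"""Detection rules for the behaviours the sandbox report flags.

Added example, not part of the Triage report. Maps each report signature onto
Sysmon events (assumption: Sysmon telemetry) and runs them over a constructed
event stream that mirrors the report's process tree. No real log data is used.
"""
from dataclasses import dataclass

PROCESS_VM_WRITE = 0x0020  # Windows access right required by WriteProcessMemory


@dataclass
class Event:
    eid: int                 # Sysmon event ID (1, 7, 10, 11 or 23)
    pid: int                 # acting process
    image: str               # acting process image path
    target_pid: int = 0      # EID 10: process whose handle was opened
    granted_access: int = 0  # EID 10: access mask granted on that handle
    path: str = ""           # EID 7/11/23: image loaded, file created or file deleted
    parent_pid: int = 0      # EID 1: creator PID


def detect(events):
    """Return {signature name (report wording): [PIDs that triggered it]}."""
    hits = {}

    def hit(name, pid):
        hits.setdefault(name, []).append(pid)

    dropped = {}  # lower-cased path -> PID that wrote the file during this trace
    for e in events:
        if e.eid == 11:
            dropped[e.path.lower()] = e.pid
        elif e.eid == 1:
            # "Executes dropped EXE": the new process image was written earlier in
            # this trace by a different process (the dropper).
            writer = dropped.get(e.image.lower())
            if writer is not None and writer != e.pid:
                hit("Executes dropped EXE", e.pid)
        elif e.eid == 7:
            # "Loads dropped DLL": an image mapped from a file written in this trace.
            if e.path.lower() in dropped:
                hit("Loads dropped DLL", e.pid)
        elif e.eid == 10:
            # "Suspicious use of WriteProcessMemory": a handle to another process
            # carrying PROCESS_VM_WRITE. Self-access is routine and ignored.
            if e.granted_access & PROCESS_VM_WRITE and e.target_pid != e.pid:
                hit("Suspicious use of WriteProcessMemory", e.pid)
        elif e.eid == 23:
            # "Deletes itself": a process removing its own image file. Simplest case
            # only; rename-then-delete or a helper process is not modelled here.
            if e.path.lower() == e.image.lower():
                hit("Deletes itself", e.pid)
    return hits


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
DROPPER = TEMP + r"\bb20cce9c40afb6ef79aef4d73778211.exe"
STAGE2 = TEMP + r"\FF8.tmp"
DLL = TEMP + r"\dropped.dll"  # placeholder: the report does not name the DLL
SYS32 = r"C:\Windows\System32"

# Constructed events modelled on the report's process tree (not real telemetry).
SAMPLE_EVENTS = [
    Event(eid=1, pid=2988, image=DROPPER, parent_pid=1000),        # sample launched
    Event(eid=11, pid=2988, image=DROPPER, path=DLL),              # dropper writes a DLL
    Event(eid=7, pid=2988, image=DROPPER, path=DLL),               # ...and loads it
    Event(eid=11, pid=2988, image=DROPPER, path=STAGE2),           # dropper writes FF8.tmp
    Event(eid=10, pid=2988, image=DROPPER, target_pid=2524, granted_access=0x1FFFFF),
    Event(eid=1, pid=2524, image=STAGE2, parent_pid=2988),         # FF8.tmp starts
    Event(eid=23, pid=2524, image=STAGE2, path=STAGE2),            # FF8.tmp deletes its file
    # Benign controls (invented): self-access and a process not written in the trace.
    Event(eid=10, pid=4000, image=SYS32 + r"\svchost.exe", target_pid=4000, granted_access=0x1FFFFF),
    Event(eid=1, pid=4100, image=SYS32 + r"\notepad.exe", parent_pid=1000),
]


def run_sample():
    """Run the rules over the constructed stream; used by the self-check below."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for name, pids in run_sample().items():
        print(f"{name}: {pids}")
```

The rules deliberately mirror what a sandbox can see in one trace; on a production host the "dropped" set would be scoped per session or per time window, and the self-deletion check would need to account for the rename-then-delete and helper-process variants that real droppers use, since Windows keeps a running image locked.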
Network
MITRE ATT&CK Matrix
Downloads
Filesize
1.9MB
MD5
e5dd8b0f7d71b7ca383dd0e907165471
SHA1
21677fd744de6421c58d6cc3c41340689fcab317
SHA256
fda3ed6d384c21da5ce7fa58d94e11f3bd94f5e37094bf5530bb3ab46340440e
SHA512
54f6d0202a54bb298ff8a850b907b399fdbffb2d1414c6d51e5ec40dd178c2827a90b9f139ad1f3f94fb63a2ebf6dd1cd4805ea1c56dbd5cc117c07cf6a54eef