Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 14:23
Behavioral task: behavioral1
Sample: bfa6206583f26651f0f5432b1d41bd49.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: bfa6206583f26651f0f5432b1d41bd49.exe
Resource: win10v2004-20231215-en
General
Target: bfa6206583f26651f0f5432b1d41bd49.exe
Size: 5.3MB
MD5: bfa6206583f26651f0f5432b1d41bd49
SHA1: 40784f452e76b7a701c34a5bc9fe3d53ae9ca004
SHA256: 3744359b038fd119bd7ceb27388c11057fd1d73078eb7176e8b842a7a401615d
SHA512: a8991703e680a5d9fd050556a1edf913a5609a54eb8c5e7e9f952c855453381bedf93da7f21da514fea061899073d2e4dad62b7ca6a0aba25e95d4b99d240936
SSDEEP: 98304:C1zJd6ZHzfmxNqAznHjx3cksmvOnhzfmxNqAzn:zzQzbJcxnhzQzb
Malware Config
Signatures

Deletes itself (1 IoC)
pid 2784  bfa6206583f26651f0f5432b1d41bd49.exe

Executes dropped EXE (1 IoC)
pid 2784  bfa6206583f26651f0f5432b1d41bd49.exe

Loads dropped DLL (1 IoC)
pid 3000  bfa6206583f26651f0f5432b1d41bd49.exe

YARA rule match: upx (3 resources; the signature name itself is not present in the extracted page, the rule column reads "upx")
behavioral1/memory/3000-0-0x0000000000400000-0x000000000086A000-memory.dmp  upx
behavioral1/files/0x000b00000000e610-11.dat  upx
behavioral1/files/0x000b00000000e610-14.dat  upx

Suspicious behavior: RenamesItself (1 IoC)
pid 3000  bfa6206583f26651f0f5432b1d41bd49.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid 3000  bfa6206583f26651f0f5432b1d41bd49.exe
pid 2784  bfa6206583f26651f0f5432b1d41bd49.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 3000 wrote to memory of 2784  3000  bfa6206583f26651f0f5432b1d41bd49.exe  28
PID 3000 wrote to memory of 2784  3000  bfa6206583f26651f0f5432b1d41bd49.exe  28
PID 3000 wrote to memory of 2784  3000  bfa6206583f26651f0f5432b1d41bd49.exe  28
PID 3000 wrote to memory of 2784  3000  bfa6206583f26651f0f5432b1d41bd49.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe"
   PID: 3000
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe (child of PID 3000)
      command line: C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe
      PID: 2784
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
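The process tree above has a recognisable shape: PID 3000 launches a second copy of its own image as PID 2784, writes into that child's memory four times (WriteProcessMemory), both processes unmap their main image (UnmapMainImage), and the child then deletes the file it was started from. The report does not classify the sample, but that combination is the one a detection engineer would key on rather than any single signature. The following is an added example, not part of the tria.ge report, that flags the pattern over a constructed event stream modelled on this tree. The event schema (`process_create`, `write_process_memory`, `unmap_main_image`, `file_delete` records) is an assumption made for the example and is not a tria.ge export format; the PIDs and path are taken from the report, the benign control pair (PIDs 4000/4100) is invented to show what the rule ignores.

```python
"""Added example: flag a parent that spawns its own image, writes into the
child's memory, and sees a main-image unmap (plus the child deleting its own
file). The event schema below is hypothetical, not a tria.ge export."""
from collections import Counter, defaultdict

IMAGE = r"C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe"

# Constructed sample events mirroring the report's process tree (hypothetical schema).
# PIDs 4000/4100 are an invented control: same image, but no memory writes or unmap.
EVENTS = [
    {"type": "process_create", "pid": 3000, "ppid": 1234, "image": IMAGE},
    {"type": "unmap_main_image", "pid": 3000},
    {"type": "process_create", "pid": 2784, "ppid": 3000, "image": IMAGE},
    {"type": "write_process_memory", "pid": 3000, "target_pid": 2784},
    {"type": "write_process_memory", "pid": 3000, "target_pid": 2784},
    {"type": "write_process_memory", "pid": 3000, "target_pid": 2784},
    {"type": "write_process_memory", "pid": 3000, "target_pid": 2784},
    {"type": "unmap_main_image", "pid": 2784},
    {"type": "file_delete", "pid": 2784, "path": IMAGE},
    # control: a self-spawn without injection indicators must not be flagged
    {"type": "process_create", "pid": 4000, "ppid": 1234, "image": r"C:\Tools\updater.exe"},
    {"type": "process_create", "pid": 4100, "ppid": 4000, "image": r"C:\Tools\updater.exe"},
]


def find_self_replacement(events):
    """Return one finding per parent/child pair where the child runs the same
    image as its parent, the parent wrote into the child's memory at least once,
    and either process unmapped its main image. Whether the child deleted its
    own image file is reported as an additional indicator, not a requirement."""
    image, parent = {}, {}
    writes = Counter()              # (writer pid, target pid) -> number of writes
    unmapped = set()                # pids that unmapped their main image
    deleted = defaultdict(set)      # pid -> lower-cased paths it deleted

    for e in events:
        t = e["type"]
        if t == "process_create":
            image[e["pid"]] = e["image"].lower()
            parent[e["pid"]] = e["ppid"]
        elif t == "write_process_memory":
            writes[(e["pid"], e["target_pid"])] += 1
        elif t == "unmap_main_image":
            unmapped.add(e["pid"])
        elif t == "file_delete":
            deleted[e["pid"]].add(e["path"].lower())

    findings = []
    for child, ppid in parent.items():
        if ppid not in image or image[child] != image[ppid]:
            continue                            # child is not a copy of the parent's image
        n_writes = writes[(ppid, child)]
        if n_writes == 0:
            continue                            # parent never wrote into the child
        if ppid not in unmapped and child not in unmapped:
            continue                            # no main-image unmap on either side
        findings.append({
            "parent_pid": ppid,
            "child_pid": child,
            "image": image[child],
            "write_count": n_writes,
            "unmap_in": sorted(p for p in (ppid, child) if p in unmapped),
            "deleted_own_image": image[child] in deleted[child],
        })
    return findings


if __name__ == "__main__":
    for f in find_self_replacement(EVENTS):
        print(f)
```

Run against the constructed stream this yields a single finding for the 3000 -> 2784 pair with four writes, unmaps in both processes and `deleted_own_image` set, while the updater control pair is ignored. Requiring all three conditions (same image, cross-process write, unmap) keeps the rule quiet on legitimate self-restarting binaries; the self-deletion is left as a scoring indicator because plenty of installers also remove their own file.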
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1.1MB
MD5: 483448851c1446c51065b8ac4d2e6bfd
SHA1: dcec2cf47888fe09cd22679fa7425cf83cfe96f8
SHA256: 7d7e25d93450ea325ba1761ae27345fde2f87cf9a66c3d59ecf509410956d38f
SHA512: c879763038173f745cbfce90b58f7ea1d3a450475d066a83026269c06e8c3224b36ba9ac3aa0578d05567c71d2bbcfb122de32d77bec2afaae1cb988b1b015fd

Filesize: 1.2MB
MD5: 717ffc3416b43d99f60cc99ba0291f62
SHA1: 68d003397d1d533a446e0ec66b52497398ff5451
SHA256: b028b57ae54532842a8c12bc814d3c4c41db25125a45a60687f172c2ce1ef90c
SHA512: 50cb746b29845f13b4907960b89a6b29e11465eb0f2fb6709af5251d51200b241a483ddaaa562fb278f92091d38bcac8bae127a416b266691e590a67ec392155