Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 14:28
Behavioral task: behavioral1
Sample: c2d5c9971018d08859bcd18f1823b192.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: c2d5c9971018d08859bcd18f1823b192.exe
Resource: win10v2004-20231215-en
General
Target: c2d5c9971018d08859bcd18f1823b192.exe
Size: 2.7MB
MD5: c2d5c9971018d08859bcd18f1823b192
SHA1: f4b6f7c1347aad97bba2015282a07975bec069e3
SHA256: d0f3444b484f3e23d0697ed2182b82894b64e02d2d025fb95cc64e2fb810dab6
SHA512: 4856920344ae81b1c0197814dad812665441af6947e2726756da87b66af4aca51d952b9560189e6e4aca07545071f25bc70b6c24a2a1f75ed4086669a0a4f887
SSDEEP: 49152:wjO+L2KU1x8vqwR1/ZHgAIGt98c0pVxwcsXLCR9SCL2EeLPxTCkfUM65IhNH6nsk:wiOU/MH998BvwVLCHSCL2EeTFffNHHsD
Malware Config
Signatures

Deletes itself (1 IoC)
pid | Process
2520 | c2d5c9971018d08859bcd18f1823b192.exe

Executes dropped EXE (1 IoC)
pid | Process
2520 | c2d5c9971018d08859bcd18f1823b192.exe

Loads dropped DLL (1 IoC)
pid | Process
2320 | c2d5c9971018d08859bcd18f1823b192.exe

UPX packed file (3 IoCs)
resource | yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x00000000008E7000-memory.dmp | upx
behavioral1/files/0x000c00000001224c-10.dat | upx
behavioral1/files/0x000c00000001224c-15.dat | upx

Suspicious behavior: RenamesItself (1 IoC)
pid | Process
2320 | c2d5c9971018d08859bcd18f1823b192.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
2320 | c2d5c9971018d08859bcd18f1823b192.exe
2520 | c2d5c9971018d08859bcd18f1823b192.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2320 wrote to memory of 2520 | 2320 | c2d5c9971018d08859bcd18f1823b192.exe | 28
PID 2320 wrote to memory of 2520 | 2320 | c2d5c9971018d08859bcd18f1823b192.exe | 28
PID 2320 wrote to memory of 2520 | 2320 | c2d5c9971018d08859bcd18f1823b192.exe | 28
PID 2320 wrote to memory of 2520 | 2320 | c2d5c9971018d08859bcd18f1823b192.exe | 28
Processes

C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe"
  PID: 2320
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe (child of PID 2320)
    Command line: C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe
    PID: 2520
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 710KB
MD5: 6f84eca6895239d3a542dd7779eae23a
SHA1: a3ba71db1391678a5bf371b378f7ff1425c933c5
SHA256: 5a392e32a09dde920dc073c61cb60f60f093868672a38121d6d5fa791b7f6903
SHA512: 71d10d1cb1f44b327a2161fac4bbb8bbb79c3f3d9fbe72da43a0907a5b38245ca8c20601f1c2833cee3ee1efe5fc4820bc305c77377899328438a6eef7670dfd

Filesize: 576KB
MD5: 1a2d9a7480d6f27d02b4ee752f33f58a
SHA1: c638cb2ee7921b6bad2f1856bfd1fbf4bb6df9a2
SHA256: 7f6b84bf300439cc9367578bb19482220dbfdb753a96fc14fc3c27befc2f1b27
SHA512: 97cde76ed101d183ff1d7c9f1479799922a33019b91846e4ca8853ab0795c8163578e8290cfd66cb28571faa38c82a1cf0970c88c1fc02ecab25cea1819c2b3c