Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 16:10
Behavioral task
behavioral1
Sample
ea62b72024ee0e2022052adc921e04d1.exe
Resource
win7-20231215-en
General
Target: ea62b72024ee0e2022052adc921e04d1.exe (the filename is the sample's MD5)
Size: 784KB
MD5: ea62b72024ee0e2022052adc921e04d1
SHA1: 692808145544f0f93100c96847c627968565482e
SHA256: b8a073f84c98286d476318ea10703d968de31d562eede622c71e9e7abeaa467d
SHA512: 4ca583a719f0efce0a3e25f111b1a767bcc1e46467c97961ada0e41f163a8055b9045829cbc5061c6f6fa548fae598e746c39eb3dc03d8b3049105255ffc0c9d
SSDEEP: 24576:bqaGzsRvlGrtyPwFhwkwmxPmy7GgkWHw5XM:bM/rqwFhwkwmxPmU7kWO
Malware Config
Signatures

XMRig Miner payload (6 IoCs)
resource                                                                     yara_rule
behavioral1/memory/3012-2-0x0000000000400000-0x0000000000593000-memory.dmp   xmrig
behavioral1/memory/3012-14-0x0000000000400000-0x0000000000593000-memory.dmp  xmrig
behavioral1/memory/2252-19-0x0000000000400000-0x0000000000593000-memory.dmp  xmrig
behavioral1/memory/2252-25-0x00000000032B0000-0x0000000003443000-memory.dmp  xmrig
behavioral1/memory/2252-24-0x0000000000400000-0x0000000000587000-memory.dmp  xmrig
behavioral1/memory/2252-34-0x0000000000400000-0x0000000000587000-memory.dmp  xmrig

Deletes itself (1 IoC)
pid   Process
2252  ea62b72024ee0e2022052adc921e04d1.exe

Executes dropped EXE (1 IoC)
pid   Process
2252  ea62b72024ee0e2022052adc921e04d1.exe

Loads dropped DLL (1 IoC)
pid   Process
3012  ea62b72024ee0e2022052adc921e04d1.exe

upx yara rule matches (5 IoCs; the signature heading for this table is missing from the page)
resource                                                                     yara_rule
behavioral1/memory/3012-0-0x0000000000400000-0x0000000000712000-memory.dmp   upx
behavioral1/files/0x000800000001224f-10.dat                                  upx
behavioral1/memory/3012-15-0x00000000030E0000-0x00000000033F2000-memory.dmp  upx
behavioral1/files/0x000800000001224f-16.dat                                  upx
behavioral1/memory/2252-17-0x0000000000400000-0x0000000000712000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
3012  ea62b72024ee0e2022052adc921e04d1.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
3012  ea62b72024ee0e2022052adc921e04d1.exe
2252  ea62b72024ee0e2022052adc921e04d1.exe

Suspicious use of WriteProcessMemory (4 IoCs; the same row is reported four times)
description                       pid   Process                               procid_target
PID 3012 wrote to memory of 2252  3012  ea62b72024ee0e2022052adc921e04d1.exe  29
PID 3012 wrote to memory of 2252  3012  ea62b72024ee0e2022052adc921e04d1.exe  29
PID 3012 wrote to memory of 2252  3012  ea62b72024ee0e2022052adc921e04d1.exe  29
PID 3012 wrote to memory of 2252  3012  ea62b72024ee0e2022052adc921e04d1.exe  29
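The signature tables are only useful downstream if they can be turned into structured indicators. The following is an added Python example, not code from the Triage report or from Triage itself, that parses the yara-hit rows (memory dumps named `<task>/memory/<pid>-<index>-<start>-<end>-memory.dmp` and dropped files named `<task>/files/<id>-<index>.dat`, a layout read off the rows above rather than taken from any documentation) and the WriteProcessMemory rows, then pairs every region at the image base 0x400000 with a same-size region elsewhere in the same process. The rows are copied from the report; `IMAGE_BASE` is this example's own assumption about where the main image is mapped.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Input rows copied from the report's Signatures tables (constructed input for
# this example; the identifier layout is read off the rows themselves).
YARA_ROWS = """
behavioral1/memory/3012-2-0x0000000000400000-0x0000000000593000-memory.dmp xmrig
behavioral1/memory/3012-14-0x0000000000400000-0x0000000000593000-memory.dmp xmrig
behavioral1/memory/2252-19-0x0000000000400000-0x0000000000593000-memory.dmp xmrig
behavioral1/memory/2252-25-0x00000000032B0000-0x0000000003443000-memory.dmp xmrig
behavioral1/memory/2252-24-0x0000000000400000-0x0000000000587000-memory.dmp xmrig
behavioral1/memory/2252-34-0x0000000000400000-0x0000000000587000-memory.dmp xmrig
behavioral1/memory/3012-0-0x0000000000400000-0x0000000000712000-memory.dmp upx
behavioral1/files/0x000800000001224f-10.dat upx
behavioral1/memory/3012-15-0x00000000030E0000-0x00000000033F2000-memory.dmp upx
behavioral1/files/0x000800000001224f-16.dat upx
behavioral1/memory/2252-17-0x0000000000400000-0x0000000000712000-memory.dmp upx
"""

# The "Suspicious use of WriteProcessMemory" rows (reported four times).
WPM_ROWS = """
PID 3012 wrote to memory of 2252 3012 ea62b72024ee0e2022052adc921e04d1.exe 29
PID 3012 wrote to memory of 2252 3012 ea62b72024ee0e2022052adc921e04d1.exe 29
PID 3012 wrote to memory of 2252 3012 ea62b72024ee0e2022052adc921e04d1.exe 29
PID 3012 wrote to memory of 2252 3012 ea62b72024ee0e2022052adc921e04d1.exe 29
"""

# <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp <rule>
MEM_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)
# <task>/files/<file id>-<index>.dat <rule>
FILE_RE = re.compile(r"^(?P<task>\w+)/files/(?P<fid>0x[0-9A-Fa-f]+)-(?P<idx>\d+)\.dat\s+(?P<rule>\S+)$")
WPM_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\b")

IMAGE_BASE = 0x400000  # assumption: default base of a non-relocated 32-bit PE


@dataclass(frozen=True)
class MemHit:
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass(frozen=True)
class FileHit:
    file_id: str
    index: int
    rule: str


def parse_yara_rows(text: str) -> Tuple[List[MemHit], List[FileHit]]:
    """Split yara-hit rows into memory-region hits and dropped-file hits."""
    mem: List[MemHit] = []
    files: List[FileHit] = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            mem.append(MemHit(int(m["pid"]), int(m["idx"]),
                              int(m["start"], 16), int(m["end"], 16), m["rule"]))
            continue
        f = FILE_RE.match(line)
        if f:
            files.append(FileHit(f["fid"], int(f["idx"]), f["rule"]))
            continue
        raise ValueError(f"unrecognised row: {line}")
    return mem, files


def rules_by_pid(mem: List[MemHit]) -> Dict[int, Set[str]]:
    """Which yara rules fired in which process."""
    out: Dict[int, Set[str]] = {}
    for h in mem:
        out.setdefault(h.pid, set()).add(h.rule)
    return out


def injection_edges(text: str) -> List[Tuple[int, int]]:
    """Unique (writer pid, target pid) pairs from WriteProcessMemory rows."""
    matches = (WPM_RE.match(l.strip()) for l in text.strip().splitlines())
    return sorted({(int(m["src"]), int(m["dst"])) for m in matches if m})


def same_size_copies(mem: List[MemHit]) -> List[Tuple[int, int, int, int]]:
    """Pair each image-base region with a region elsewhere in the same process
    whose size matches exactly: (pid, image start, copy start, size)."""
    found = set()
    for a in mem:
        if a.start != IMAGE_BASE:
            continue
        for b in mem:
            if b.pid == a.pid and b.start != IMAGE_BASE and b.size == a.size:
                found.add((a.pid, a.start, b.start, a.size))
    return sorted(found)


if __name__ == "__main__":
    hits, dropped = parse_yara_rows(YARA_ROWS)
    print(rules_by_pid(hits))
    print("injection edges:", injection_edges(WPM_ROWS))
    for pid, img, copy, size in same_size_copies(hits):
        print(f"pid {pid}: image region at {img:#x} and a {size:#x}-byte copy at {copy:#x}")
```

On the rows above this yields both rules in both processes, a single injection edge 3012 to 2252, and for each PID a region at 0x400000 plus a second region of exactly the same size at a high address (0x312000 bytes at 0x30E0000 in 3012, 0x193000 bytes at 0x32B0000 in 2252). Read together with the UnmapMainImage, RenamesItself and Deletes-itself signatures, that is consistent with the sample copying its own image into memory and relaunching itself, but the report states no mechanism, so treat the size match as a reading of the numbers rather than a finding.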
Processes

1. C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe"
   PID: 3012
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe (child of 1)
      command line: C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe
      PID: 2252
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Download 1 (no filename given on the page)
Filesize: 604KB
MD5: 28ae120694df7b96dcfcef8237b34958
SHA1: e2e92c5b6c21e1a940793fd9fd452c86b8480714
SHA256: 3670bdf4c6f97e9db8e13f8916459d5de46d63c5159623071574f5c4a821781f
SHA512: dab1432dbe165bf129793f1950a72ed850fd8cf4975e4aee016d3ed8ad387d7409f9e2c8c4cb70929533576754ad95d7d194bab9fe4b4616075719234a1871f3

Download 2 (no filename given on the page)
Filesize: 481KB
MD5: 3f510e65932ec99f250b16264ccb621c
SHA1: ab7071f1f33f604587f3fb7e926d9e90827c9deb
SHA256: 1b722e3394de993ef243538f5f04d483b9c4c99f4ae081048f8883c2e75abc99
SHA512: a2393de39a6a6d4a51c5c9e1a6ea1483c5be53f0716e27230faf4bc06df066f9327b83cc2cbf23a244c2d331d079daf692a1d4b02345c444926a87ccc499c507