Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
23/12/2023, 17:15
Behavioral task
behavioral1
Sample
Tracks Bypass.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Tracks Bypass.exe
Resource
win10v2004-20231215-en
General
-
Target
Tracks Bypass.exe
-
Size
17.6MB
-
MD5
fe2962d9a3357aefedcffe040debb74d
-
SHA1
58a80444fe092e87dce179d37281bb531eda2682
-
SHA256
79b9578d73aeacf0c61b98a492a64a787112aa82e342f4cd699c38a4dd076cd0
-
SHA512
f1a81c5bbf6ed3a7057cbf15015cbf935833ed06c43a1ce2d837b5f9fa1c952a19e615977b68275146a4579d3b7f4dd80410b0b4bdd1929dd7334477c5e8c118
-
SSDEEP
393216:YqPnLFXlreQpDOETgsvfGaBgNpsvEiArgVL0q:JPLFXNeQoEN2/TgZl
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid   Process
2428  Tracks Bypass.exe -
resource                                       yara_rule
behavioral1/files/0x000500000001a413-111.dat   upx
behavioral1/files/0x000500000001a413-112.dat   upx -
Suspicious use of WriteProcessMemory 3 IoCs
description                        pid   Process             procid_target
PID 1848 wrote to memory of 2428   1848  Tracks Bypass.exe   28
PID 1848 wrote to memory of 2428   1848  Tracks Bypass.exe   28
PID 1848 wrote to memory of 2428   1848  Tracks Bypass.exe   28
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\Tracks Bypass.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Tracks Bypass.exe"
   - Suspicious use of WriteProcessMemory
   PID:1848 -
   2. C:\Users\Admin\AppData\Local\Temp\Tracks Bypass.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Tracks Bypass.exe"
      - Loads dropped DLL
      PID:2428
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.4MB
MD5 69d4f13fbaeee9b551c2d9a4a94d4458
SHA1 69540d8dfc0ee299a7ff6585018c7db0662aa629
SHA256 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046
SHA512 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378
-
Filesize
1.4MB
MD5 7f6460b2f997412bbb5bfecdd2472ca7
SHA1 1cd33ac3893399395ce7fab4af25198ec66d5dd0
SHA256 fdf88b7d93c3bcbc3850a5923138920cd2993d2f018efbe3ff41847c62eca1cf
SHA512 b818ce4038c264b83640a0035b53ae6c90bb04a469b83dadb16e76609d67b942c6b109d0837dbe9d0962a064767b479af0bf30644de560b7c8830fb1c76f61d4