Analysis
max time kernel: 114s
max time network: 43s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 22:34
Static task: static1
Behavioral task: behavioral1
  Sample: 408861626b80bbcafa2928327334785e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 408861626b80bbcafa2928327334785e.exe
  Resource: win10v2004-20231215-en
General
Target: 408861626b80bbcafa2928327334785e.exe
Size: 392KB
MD5: 408861626b80bbcafa2928327334785e
SHA1: 98dad5249f31addb4c6e370c801f59623bb749ca
SHA256: 16cf16d7081107e4e2b55ffa4fa8d279b435466519f36aaf33fdfe203226eb6f
SHA512: 496d92a3ca93d60d26ed3e4d56bd89709884d6a7ef859b45c77472dad172fe92ece6894f7293cea7dcda827ca4310b283bdec748fec160799a06b326de499444
SSDEEP: 6144:1Rgym92YGB+40vPLGPACNQjwhAAdziJOP4XkFN+G5ply43vNRNByTb7NF31NhB:H6fu+40vPy/JzoDUpL3vNRM91X
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 1656; Process: winvnc.exe
Loads dropped DLL (5 IoCs)
  pid: 2712; Process: 408861626b80bbcafa2928327334785e.exe
  pid: 2712; Process: 408861626b80bbcafa2928327334785e.exe
  pid: 1656; Process: winvnc.exe
  pid: 1656; Process: winvnc.exe
  pid: 1656; Process: winvnc.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2712 wrote to memory of 1656; pid: 2712; Process: 408861626b80bbcafa2928327334785e.exe; procid_target: 29 (7 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\408861626b80bbcafa2928327334785e.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\408861626b80bbcafa2928327334785e.exe"
  PID: 2712
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  child process: C:\Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\winvnc.exe
    command line: .\winvnc.exe
    PID: 1656
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads