Analysis
max time kernel: 122s
max time network: 131s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 22:49
Behavioral task: behavioral1
Sample: 414f2f01869a018ccab15567cf90c342.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 414f2f01869a018ccab15567cf90c342.exe
Resource: win10v2004-20231215-en
General
Target: 414f2f01869a018ccab15567cf90c342.exe
Size: 5.8MB
MD5: 414f2f01869a018ccab15567cf90c342
SHA1: 5cec551f09ea09d03b727be7d7d12e7e201565c3
SHA256: 655e1dfd1971496d443f0f27d125332a0c6c9c92a24b1d78f9b41d08c469c29e
SHA512: f2ba4f58fe5e869fc6c12efb8f6c8b122a90fad567e784966f8e736b3a5eaa5e33130ae0b96564f1b09e481c46f0772ee2cc1b0ff97620aa5d2fe33829da7246
SSDEEP: 98304:vAiVoYp0VGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:vAiiXnGhRaaCkN9qHGhRa
Malware Config
Signatures

Deletes itself (1 IoCs)
pid   Process
2680  414f2f01869a018ccab15567cf90c342.exe

Executes dropped EXE (1 IoCs)
pid   Process
2680  414f2f01869a018ccab15567cf90c342.exe

Loads dropped DLL (1 IoCs)
pid   Process
2336  414f2f01869a018ccab15567cf90c342.exe

resource                                                                       yara_rule
behavioral1/memory/2336-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
behavioral1/files/0x000b000000012185-14.dat                                    upx
behavioral1/files/0x000b000000012185-10.dat                                    upx
behavioral1/memory/2680-16-0x0000000000400000-0x00000000008EF000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoCs)
pid   Process
2336  414f2f01869a018ccab15567cf90c342.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
2336  414f2f01869a018ccab15567cf90c342.exe
2680  414f2f01869a018ccab15567cf90c342.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                           pid   Process                               procid_target
PID 2336 wrote to memory of 2680      2336  414f2f01869a018ccab15567cf90c342.exe  28
PID 2336 wrote to memory of 2680      2336  414f2f01869a018ccab15567cf90c342.exe  28
PID 2336 wrote to memory of 2680      2336  414f2f01869a018ccab15567cf90c342.exe  28
PID 2336 wrote to memory of 2680      2336  414f2f01869a018ccab15567cf90c342.exe  28
Processes

C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe (depth 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe"
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID: 2336

    C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe (depth 2)
    Command line: C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 2680
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 4.4MB
MD5: 5a6ec7c967299e5353c4940443f2d6f9
SHA1: add0522943b6bf2a33f926f3440194d4461b67a2
SHA256: e266cbe51aaf3ba59158ab071e2f88154ce7a7da82b1536a8e4517ae6b9efc55
SHA512: 29733233cbc6b4b89f670e092d1cbb998c71a65eece5bbc2f01630a082e5e242ebe27e338bc5b72a188e27211af8c38f43c196ca4852743a82a5723e4ca15925

Filesize: 5.8MB
MD5: b339223164e005e850b4dce866fe91f8
SHA1: db8b87351a709d0cbb5eac2face897bac1c9f730
SHA256: 24df4e92c58bd0cdc0b6d7a184917303589784f3c64ab5d818f3dd18d0a3cff9
SHA512: f1a2af6d7cb1479c6032a4e67752820e7e76d93364d23efc4d897efb93bb15600f6aa6404c13112a00866758029895ee1cadf1a0b4960c7637f29b38197d3313