Analysis
max time kernel: 140s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 00:40
Behavioral task: behavioral1
Sample: 1d95bff04e7d80b6dea9ad27e661b572.exe
Resource: win7-20231215-en
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 1d95bff04e7d80b6dea9ad27e661b572.exe
Resource: win10v2004-20231215-en
2 signatures, 150 seconds
General
Target: 1d95bff04e7d80b6dea9ad27e661b572.exe
Size: 208KB
MD5: 1d95bff04e7d80b6dea9ad27e661b572
SHA1: 5f34ffaaed900a3adba9430b2a9ae36d9d638165
SHA256: 2e38ec5a1319b3813cf4bfe045a364fd7e24424431d1485fe6fa69a43829e9c4
SHA512: 70c2556e91f6cceb7ec411634013b2727e4535fe5f126bbacc8eaa451fd3ce1215b071654602232dcbec33e25670b8dd0bfc3f67cb642974e9f7b6d6670f296f
SSDEEP: 3072:gLJMjbcHDdMwQsP+ugDBqUNfT+KjxUstQx+UUtuIr63Y8Sj:glMeBzQJXBqUNfTRUwSEtZ2
Score: 7/10
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/356-0-0x0000000140000000-0x0000000140073000-memory.dmp | upx
behavioral1/memory/356-3-0x0000000140000000-0x0000000140073000-memory.dmp | upx
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 356 wrote to memory of 2056 | 356 | 1d95bff04e7d80b6dea9ad27e661b572.exe | 16
PID 356 wrote to memory of 2056 | 356 | 1d95bff04e7d80b6dea9ad27e661b572.exe | 16
PID 356 wrote to memory of 2056 | 356 | 1d95bff04e7d80b6dea9ad27e661b572.exe | 16
Processes
C:\Users\Admin\AppData\Local\Temp\1d95bff04e7d80b6dea9ad27e661b572.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1d95bff04e7d80b6dea9ad27e661b572.exe"
  PID: 356
  Suspicious use of WriteProcessMemory
  C:\Windows\system32\cmd.exe
    Command line: "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1304.tmp\1305.tmp\1306.bat C:\Users\Admin\AppData\Local\Temp\1d95bff04e7d80b6dea9ad27e661b572.exe"
    PID: 2056