Analysis
max time kernel: 122s
max time network: 141s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 15:15
Static task: static1
Behavioral task: behavioral1
  Sample: 288b4c8aa99098de451ce15aaa1bed0f.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 288b4c8aa99098de451ce15aaa1bed0f.exe
  Resource: win10v2004-20231215-en
General
Target: 288b4c8aa99098de451ce15aaa1bed0f.exe
Size: 84KB
MD5: 288b4c8aa99098de451ce15aaa1bed0f
SHA1: 13a367528fc9424698d826a8f746bb235a83f547
SHA256: 2f454c8a69d96e0e1450d78e3409fdace8c8b8c6f702bcfb99cffd5b6305dbe6
SHA512: a99729860f4e877d227fdbd848276d3d0be0337ab88616dd2c64a187f777b27a5c39d543a08c9f4e86d0f90be34a5e8ac062e69dc4b9df8a0dfa36516a652860
SSDEEP: 1536:NH1d81d774RKN7vvCXrUwPnlWfDcRecpz+H94/0qz6XjaJ8t2Rr26B3bkZDiEvxC:OnLCXr3GDc4c27xNt2dv3WDi4C
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 2352  process 288b4c8aa99098de451ce15aaa1bed0f.exe
Executes dropped EXE (1 IoC)
  pid 2352  process 288b4c8aa99098de451ce15aaa1bed0f.exe
Loads dropped DLL (1 IoC)
  pid 2476  process 288b4c8aa99098de451ce15aaa1bed0f.exe
Suspicious behavior: RenamesItself (1 IoC)
  pid 2476  process 288b4c8aa99098de451ce15aaa1bed0f.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2476  process 288b4c8aa99098de451ce15aaa1bed0f.exe
  pid 2352  process 288b4c8aa99098de451ce15aaa1bed0f.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2476 wrote to memory of 2352 | 2476 | 288b4c8aa99098de451ce15aaa1bed0f.exe | 29
  PID 2476 wrote to memory of 2352 | 2476 | 288b4c8aa99098de451ce15aaa1bed0f.exe | 29
  PID 2476 wrote to memory of 2352 | 2476 | 288b4c8aa99098de451ce15aaa1bed0f.exe | 29
  PID 2476 wrote to memory of 2352 | 2476 | 288b4c8aa99098de451ce15aaa1bed0f.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe"
   PID: 2476
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe
      PID: 2352
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 84KB
MD5: 409cb83d03be8d9e4d8ad4cb79315014
SHA1: 9c039943700e4912b8a8478db03b44064ff7cc20
SHA256: 14211529774d3c9b3c9691a3d6c2bfaafd03fe1cfd7fa3e627bd3fdc00efa443
SHA512: 16b2f9e2951b4b289bddd4c4a7dc1cb07279092cdb3920a0ab407baa254dc2a2729c70ddc74b03488071cd6ee48cf2faa1c2b5e3ed76f4814ee3a89b7c914d8b