Analysis
max time kernel: 141s
max time network: 130s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 02:26
Static task: static1
Behavioral task: behavioral1
  Sample: 4ca21c6bd97b1f0edddd4125c19959c8.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4ca21c6bd97b1f0edddd4125c19959c8.exe
  Resource: win10v2004-20231215-en
General
Target: 4ca21c6bd97b1f0edddd4125c19959c8.exe
Size: 1.2MB
MD5: 4ca21c6bd97b1f0edddd4125c19959c8
SHA1: 3fe62770dd1bd441d7de3e9597c78e96b1913191
SHA256: 33c0598a4f25546b028a22bbb0238c9d788f9625207ecd546ea55abfe7670982
SHA512: 1e5ea1993ffe9715798cfe6e75cd15bd274ce15c31d44ac8c79aaaa281fadec32f8cc94cbbb0239cacd322d0b8dce3c1e9471fc5b2bd4f4482635bc837a3238c
SSDEEP: 24576:VfOydJf48pgJef/deObHp77RL6qupeWpw6Dx5xlp2uRcYdDBKVYHZkgcAuMze4:VGMJf46fFhbHpAXpbW6V5xlp5RcYTTZJ
Malware Config
Signatures
-
Executes dropped EXE (1 IoC)
  pid   process
  2180  is-Q6OA6.tmp
-
Loads dropped DLL (3 IoCs)
  pid   process
  2484  4ca21c6bd97b1f0edddd4125c19959c8.exe
  2180  is-Q6OA6.tmp
  2180  is-Q6OA6.tmp
-
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   process
  2180  is-Q6OA6.tmp
-
Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   process                               procid_target
  PID 2484 wrote to memory of 2180  2484  4ca21c6bd97b1f0edddd4125c19959c8.exe  28
  (the same entry is listed 7 times in the report)
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\4ca21c6bd97b1f0edddd4125c19959c8.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4ca21c6bd97b1f0edddd4125c19959c8.exe"
   PID: 2484
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\is-T3G5D.tmp\is-Q6OA6.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-T3G5D.tmp\is-Q6OA6.tmp" /SL4 $30150 "C:\Users\Admin\AppData\Local\Temp\4ca21c6bd97b1f0edddd4125c19959c8.exe" 1014406 51200
      PID: 2180
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: GetForegroundWindowSpam
-
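The process list and the WriteProcessMemory IoCs above are the raw material an analyst would normally turn into a process tree before deciding anything. The script below is an added example and is not part of the tria.ge report or of the sample: it rebuilds that tree from lines constructed to mirror the report (the PIDs, paths and command line are the report's own), and it recognises the `is-XXXXX.tmp /SL4 $hwnd "<setup exe>" <n> <n>` command-line form, which is assumed here to be the Inno Setup loader convention; the field names `hwnd`, `source_exe` and `offsets` are this example's own labels, not something the report states.

```python
import re

# Constructed from the Processes section of the report: (pid, parent pid, command line).
PROCESS_LINES = [
    (2484, None,
     r'"C:\Users\Admin\AppData\Local\Temp\4ca21c6bd97b1f0edddd4125c19959c8.exe"'),
    (2180, 2484,
     r'"C:\Users\Admin\AppData\Local\Temp\is-T3G5D.tmp\is-Q6OA6.tmp" /SL4 $30150 '
     r'"C:\Users\Admin\AppData\Local\Temp\4ca21c6bd97b1f0edddd4125c19959c8.exe" 1014406 51200'),
]

# Constructed from the "Suspicious use of WriteProcessMemory" IoCs (the report lists the entry 7 times).
WPM_LINES = ["PID 2484 wrote to memory of 2180 2484 4ca21c6bd97b1f0edddd4125c19959c8.exe 28"] * 7

ARG_RE = re.compile(r'"([^"]*)"|(\S+)')                   # quoted path or bare token
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
WPM_RE = re.compile(r'PID (\d+) wrote to memory of (\d+)')
INNO_TMP_RE = re.compile(r'\\is-[A-Z0-9]{5}\.tmp$', re.IGNORECASE)  # is-XXXXX.tmp image name


def split_cmdline(cmdline):
    """Split a Windows command line into argv, keeping double-quoted paths intact."""
    return [quoted or bare for quoted, bare in ARG_RE.findall(cmdline)]


def parse_inno_bootstrap(argv):
    """Match the assumed Inno Setup loader form: is-XXXXX.tmp /SL4 $hwnd "<setup exe>" <n> <n>.
    Returns the extracted fields, or None when the command line does not fit."""
    if len(argv) < 6 or argv[1].upper() != "/SL4" or not INNO_TMP_RE.search(argv[0]):
        return None
    if not argv[2].startswith("$") or not all(a.isdigit() for a in argv[4:6]):
        return None
    return {"hwnd": argv[2], "source_exe": argv[3],
            "offsets": tuple(int(a) for a in argv[4:6])}  # two numeric trailing args, kept opaque


def build_tree(process_lines, wpm_lines):
    """Turn the flattened process and IoC lines into a dict keyed by PID."""
    procs = {}
    for pid, ppid, cmd in process_lines:
        argv = split_cmdline(cmd)
        procs[pid] = {
            "pid": pid, "ppid": ppid, "image": argv[0], "argv": argv,
            "in_temp": bool(TEMP_RE.search(argv[0])),
            "inno": parse_inno_bootstrap(argv),
            "wpm_from": {},  # writer pid -> number of WriteProcessMemory IoCs against this pid
        }
    for line in wpm_lines:
        m = WPM_RE.search(line)
        if not m:
            continue
        writer, target = int(m.group(1)), int(m.group(2))
        if target in procs:
            counts = procs[target]["wpm_from"]
            counts[writer] = counts.get(writer, 0) + 1
    return procs


def triage(procs):
    """Findings to pull from the tree: children dropped in %TEMP% whose own parent wrote
    into their memory, and Inno-Setup-style loader invocations with their source file."""
    findings = []
    for p in procs.values():
        if p["in_temp"] and p["ppid"] in p["wpm_from"]:
            findings.append((p["pid"], "temp-dropped child written to by parent",
                             p["wpm_from"][p["ppid"]]))
        if p["inno"]:
            findings.append((p["pid"], "inno-setup-style loader", p["inno"]["source_exe"]))
    return findings


if __name__ == "__main__":
    for finding in triage(build_tree(PROCESS_LINES, WPM_LINES)):
        print(finding)
```

The two findings this yields for PID 2180 (parent 2484 wrote into it seven times; it was started as a loader for the original sample) describe a pattern that ordinary Inno Setup installers also produce, so on their own they are not a verdict; note that the report's Malware Config section is empty and no network indicators are listed.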
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 22KB
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1: 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512: 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize: 652KB
MD5: 46570158ccae518dcf05602fea3e1bd8
SHA1: c71f09e0a4fcf9061fe8de67defb569361ed90b0
SHA256: eb289ef14e8f3b47081e1168690d1d95185dbfd1c3cdc5bfb074fd76a42cead0
SHA512: 2721915717efd108cae39326d3644ecb55d1c47586e280b3f04f1b7f6a799ad9c0daaa3a410e667eaf7bed0265c9fee54cb899424d0935c2e6ab6ed896d29f97