Analysis
max time kernel: 2s
max time network: 30s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 03:13
Behavioral task: behavioral1
Sample: 4f535ed5f81acb6563ece83b76555333.exe
Resource: win7-20231215-en
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: 4f535ed5f81acb6563ece83b76555333.exe
Resource: win10v2004-20231215-en
2 signatures
150 seconds
General
Target: 4f535ed5f81acb6563ece83b76555333.exe
Size: 373KB
MD5: 4f535ed5f81acb6563ece83b76555333
SHA1: 3491e33820e1f856b4d12ed0f9b4167d2df15432
SHA256: e2b39c4e384688ce8cc804eb468ae2829c814b2145f7fa1fc8f313233bd2cadd
SHA512: ed879a81e7f3d95fa5469b02f14c37e7decae55807796de82a5e183a213340b738826a6c5005f63653912d9dddb314c33fe4d924a479adf6eac58f7a9067aa9c
SSDEEP: 6144:O71s7MqrWsve48edpIynD5bZ1XmmV9jwQ1E++yDqDCphnF1cACTfgjdBi:zWi8eQeZ1XmM9j519DXF1kfgjdBi
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
pid | Process
2808 | cmd.exe

resource | yara_rule
behavioral1/memory/2456-0-0x0000000000400000-0x00000000004E2000-memory.dmp | upx
behavioral1/memory/2456-9-0x0000000000400000-0x00000000004E2000-memory.dmp | upx

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2456 wrote to memory of 2808 | 2456 | 4f535ed5f81acb6563ece83b76555333.exe | 17
PID 2456 wrote to memory of 2808 | 2456 | 4f535ed5f81acb6563ece83b76555333.exe | 17
PID 2456 wrote to memory of 2808 | 2456 | 4f535ed5f81acb6563ece83b76555333.exe | 17
PID 2456 wrote to memory of 2808 | 2456 | 4f535ed5f81acb6563ece83b76555333.exe | 17
Processes
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\4f535ed5f81acb6563ece83b76555333.bat
- Deletes itself
PID:2808

C:\Users\Admin\AppData\Local\Temp\4f535ed5f81acb6563ece83b76555333.exe
"C:\Users\Admin\AppData\Local\Temp\4f535ed5f81acb6563ece83b76555333.exe"
- Suspicious use of WriteProcessMemory
PID:2456