Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 06:31
Static task: static1
Behavioral task: behavioral1
  Sample: 59c122b9a38d1ca7849b7475a636b2b9.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 59c122b9a38d1ca7849b7475a636b2b9.exe
  Resource: win10v2004-20231222-en
General
Target: 59c122b9a38d1ca7849b7475a636b2b9.exe
Size: 200KB
MD5: 59c122b9a38d1ca7849b7475a636b2b9
SHA1: 904fc47ca8993129240222c691094538dcab0636
SHA256: 83ec4fea7725a549d0b51f38b074623f39da3de5a9caf2b866664d0de60a5e52
SHA512: 413e8bc089b98c74d75fe8a96d1af96f9fc42db43f7c0f056b1cdd2f363d83efbf472bf9e6f1dd42bd3c2b4e7b4bd7098dd41ba80aa91a2e07db5e5a4b429ed1
SSDEEP: 6144:vL79OHITAvFv9xRv0rCSc4ONSai/fF3AKYpns:D79Ornp0OA7L/FAbs
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 2140  process 59c122b9a38d1ca7849b7475a636b2b9.exe
Executes dropped EXE (1 IoC)
  pid 2140  process 59c122b9a38d1ca7849b7475a636b2b9.exe
Loads dropped DLL (1 IoC)
  pid 3004  process 59c122b9a38d1ca7849b7475a636b2b9.exe
Suspicious behavior: RenamesItself (1 IoC)
  pid 3004  process 59c122b9a38d1ca7849b7475a636b2b9.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3004  process 59c122b9a38d1ca7849b7475a636b2b9.exe
  pid 2140  process 59c122b9a38d1ca7849b7475a636b2b9.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   process                               procid_target
  PID 3004 wrote to memory of 2140  3004  59c122b9a38d1ca7849b7475a636b2b9.exe  29
  PID 3004 wrote to memory of 2140  3004  59c122b9a38d1ca7849b7475a636b2b9.exe  29
  PID 3004 wrote to memory of 2140  3004  59c122b9a38d1ca7849b7475a636b2b9.exe  29
  PID 3004 wrote to memory of 2140  3004  59c122b9a38d1ca7849b7475a636b2b9.exe  29
Processes
1. C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe"
   PID: 3004
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2. (child of PID 3004) C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
   command line: C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
   PID: 2140
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
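The WriteProcessMemory rows and the process tree above together describe a parent (3004) writing into a child (2140) that runs the same image path, with UnmapMainImage flagged on both. The script below, an added example written for this page and not code from tria.ge or from the sample, correlates the two sections and reports that pattern. The row format, the pid-to-image map and the parent/child map are assumptions taken from how the report renders; the input rows are copied from the report.

```python
"""Correlate sandbox 'wrote to memory of' rows with the reported process tree.

Flags a cross-process write where the writer is the parent of the target
and both processes run the same image path, which is what the report above
shows for PIDs 3004 and 2140.
"""
import re
from collections import Counter

# pid -> image path, copied from the Processes section of the report.
PROCESSES = {
    3004: r"C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe",
    2140: r"C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe",
}

# child pid -> parent pid, taken from the tree nesting (2 is spawned by 1).
PARENT_OF = {2140: 3004}

# WriteProcessMemory rows exactly as the report lists them (four events).
WPM_ROWS = """\
PID 3004 wrote to memory of 2140 3004 59c122b9a38d1ca7849b7475a636b2b9.exe 29
PID 3004 wrote to memory of 2140 3004 59c122b9a38d1ca7849b7475a636b2b9.exe 29
PID 3004 wrote to memory of 2140 3004 59c122b9a38d1ca7849b7475a636b2b9.exe 29
PID 3004 wrote to memory of 2140 3004 59c122b9a38d1ca7849b7475a636b2b9.exe 29
"""

# Assumed column layout of one row:
#   "PID <writer> wrote to memory of <target> <pid> <process> <procid_target>"
# procid_target is the sandbox's own process index, not a Windows PID, so it
# is captured but never compared against PIDs.
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$"
)


def parse_wpm(text):
    """Return a list of (writer_pid, target_pid, writer_image) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # ignore headers or rows in another format
        writer, target, _pid_col, image, _procid_target = m.groups()
        rows.append((int(writer), int(target), image))
    return rows


def self_injection_candidates(text, processes, parent_of):
    """Map (writer, target) -> number of write events where the writer is the
    target's parent and both run the same image path."""
    counts = Counter()
    for writer, target, _image in parse_wpm(text):
        if writer == target:
            continue  # writing to its own memory is not cross-process
        same_image = processes.get(writer) == processes.get(target)
        is_parent = parent_of.get(target) == writer
        if same_image and is_parent:
            counts[(writer, target)] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = self_injection_candidates(WPM_ROWS, PROCESSES, PARENT_OF)
    for (writer, target), n in hits.items():
        print(f"parent {writer} wrote {n}x into child {target}, "
              f"same image: {PROCESSES[target]}")
```

The parent/child link comes from the tree nesting rather than from the rows themselves, so a report that shows writes into an unrelated same-named process produces no hit; drop the `is_parent` condition if you want to catch that case as well.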
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 200KB
MD5: 40c478f927b440ad1b94057cca6a0f5d
SHA1: 7f61e794662997211f95742d7c82b02037466baa
SHA256: 394f2583a062bc55607161e6cd6ececadde3df0e0affcf61eba6bca6d439f4d8
SHA512: 78c40689b5e0e24b041b3189a9251fbbcc7e45c2bbe3233c437eef4c4dc32ee75076ed38b735eb3f9524f9cd7b12fc924fc123d0936491cad0350105be96c71a
Note: this dropped file is the same size as the submitted sample (200KB) but its hashes differ from those listed under General, so it is a distinct file, not a copy of the original.