Analysis
- max time kernel: 144s
- max time network: 157s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 05:59
Static task
- static1
Behavioral task
- behavioral1: sample 5853abf213e5cdaeae074d9dbbf6098b.exe, resource win7-20231215-en (the run summarised on this page)
Behavioral task
- behavioral2: sample 5853abf213e5cdaeae074d9dbbf6098b.exe, resource win10v2004-20231222-en
General
- Target: 5853abf213e5cdaeae074d9dbbf6098b.exe
- Size: 226KB
- MD5: 5853abf213e5cdaeae074d9dbbf6098b
- SHA1: d4c6d38e5ad574c4e07b33b3c342be45726af04d
- SHA256: 73f4006f8f42d1c5c4644c02513082b5e0c5e15465c667c8de0e2d4a652b1dc4
- SHA512: 2ac3eb5ff36c1dbf2d8a5ec7543ff31449f0da462cb35576a2ab0bb73ae79feac1d91fb3c6f92b2e58cb962d4bcfa0fe8bde16229e199709d16a4eadc47ff691
- SSDEEP: 6144:C1QLJQL0gTTuQ0quhsf7KjMdcornRZAArCgLADMJ82PeAUyFd:x2oITuQ0qugKjzEfbrCnm82PevS
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2688, process generator.exe
- Loads dropped DLL (2 IoCs)
  pid 2268, process 5853abf213e5cdaeae074d9dbbf6098b.exe (two loads)
- Drops file in System32 directory (2 IoCs)
  File created: C:\Windows\SysWOW64\directx.exe by 5853abf213e5cdaeae074d9dbbf6098b.exe
  File opened for modification: C:\Windows\SysWOW64\directx.exe by 5853abf213e5cdaeae074d9dbbf6098b.exe
  Note: the resource tags include arch:x86; if the sample runs as a 32-bit process on this x64 image, WOW64 file-system redirection maps a write aimed at C:\Windows\System32 to C:\Windows\SysWOW64, so the path the sample itself opened may have named System32.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  pid 2268 (5853abf213e5cdaeae074d9dbbf6098b.exe) wrote to memory of pid 2688 (procid_target 28) four times; the target is the generator.exe child it spawned.
Processes
- C:\Users\Admin\AppData\Local\Temp\5853abf213e5cdaeae074d9dbbf6098b.exe "C:\Users\Admin\AppData\Local\Temp\5853abf213e5cdaeae074d9dbbf6098b.exe" (PID 2268)
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\generator.exe "C:\Users\Admin\AppData\Local\Temp\generator.exe" (PID 2688, child of PID 2268)
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 163KB
- MD5: ec264de3e9f120078e3f2533e51e1842
- SHA1: cebb108a745c774d6ba93f9cf9516e54f06dca18
- SHA256: efd903c2a5382b57068aa06022642d1cdaaba97591f1177503f47b0466f46016
- SHA512: 6095098f0c1610c9a2113938c8a7e7d0ab34d67da75d8d4d87aae1491c0d889ac79f72fd49a71ed2726e8b3183e1f5da8f1231b34b6d81c851e5ec13c3f75a97