Analysis
max time kernel: 121s
max time network: 143s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 09:57
Static task: static1
Behavioral task: behavioral1
  Sample: 65721a35328c5417e690f8df878eb475.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 65721a35328c5417e690f8df878eb475.exe
  Resource: win10v2004-20231215-en
General
Target: 65721a35328c5417e690f8df878eb475.exe
Size: 402KB
MD5: 65721a35328c5417e690f8df878eb475
SHA1: 03462f95f46183f40befe6fdeeddd34fbf5ec8d7
SHA256: 35ada52905e3729f1dc06a72d0d3ab786a926e6be7cba1e657ece397f4ec7e73
SHA512: db727a56860cd032236d1e8c8b52dcdf5538b1d0d85a314f4e59393b4d6c4e32ea13c0535733c02476ee25eb4b092f2436f203d8933dddfa5b49ce61a7deebdc
SSDEEP: 6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4SPHREuLNeCrS:MLry/neyx7f/A64j7PSfRgCrS
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2464  dpirfc.exe
Loads dropped DLL (1 IoC)
  pid   Process
  1816  65721a35328c5417e690f8df878eb475.exe
Drops file in Program Files directory (1 IoC)
  description   ioc                                          Process
  File created  C:\Program Files (x86)\ikwvlkjyd\dpirfc.exe  65721a35328c5417e690f8df878eb475.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 1816 wrote to memory of 2464   1816  65721a35328c5417e690f8df878eb475.exe  28
  PID 1816 wrote to memory of 2464   1816  65721a35328c5417e690f8df878eb475.exe  28
  PID 1816 wrote to memory of 2464   1816  65721a35328c5417e690f8df878eb475.exe  28
  PID 1816 wrote to memory of 2464   1816  65721a35328c5417e690f8df878eb475.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\65721a35328c5417e690f8df878eb475.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\65721a35328c5417e690f8df878eb475.exe"
   PID: 1816
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\ikwvlkjyd\dpirfc.exe
      Command line: "C:\Program Files (x86)\ikwvlkjyd\dpirfc.exe"
      PID: 2464
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 422KB
MD5: 481a6ff51de77b14c4497be7afece919
SHA1: 4266fe1c4f838c4c5cbe6fdad535609f3a899b13
SHA256: 6badd79defa968ae4473036f68352ddc63225ce4ebc121692e1bbfea8fa72f41
SHA512: 28ee1a66f20e6b7e720cbdaeec8fceb751ee0ee31cc05d58cbc425228fb3f79d432eeca5cb7b5a7c3c0a4d808ef5405d5fbffd9d3f8eb46c36be1399c932f32e