Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 14:45
Behavioral tasks
behavioral1: sample 769c16e88884c18e6036ed2d31432fd4.exe, resource win7-20231129-en
behavioral2: sample 769c16e88884c18e6036ed2d31432fd4.exe, resource win10v2004-20231215-en
General
Target: 769c16e88884c18e6036ed2d31432fd4.exe
Size: 101KB
MD5: 769c16e88884c18e6036ed2d31432fd4
SHA1: 1890707bcbf812ce4cc3c7e8ac7b02612f21ad86
SHA256: a4e949969b734a91cf6007ac28a323c51f79471cdf7be1c25aba1ac6666360fa
SHA512: c45f0a1c0e545474fcea468fb81be8b1a47b3807892d3d57780bbfb75488dc8d5575ce29347b530b647665b2fca059a0d1ec569c0057affc5eaa422ef3e90752
SSDEEP: 1536:gLXjXZsHyvA37jg24kTRwUM697mnTcii0CmuJd4BXKikc6E3:gDjXZsf782lT6UM60TEBbd4M5E3
Malware Config
Signatures

Deletes itself (1 IoC)
  pid 2928  769c16e88884c18e6036ed2d31432fd4.exe

Executes dropped EXE (1 IoC)
  pid 2928  769c16e88884c18e6036ed2d31432fd4.exe

Loads dropped DLL (1 IoC)
  pid 2900  769c16e88884c18e6036ed2d31432fd4.exe

YARA rule matches (3 resources)
  resource                                                                      yara_rule
  behavioral1/memory/2900-0-0x0000000000400000-0x000000000043A000-memory.dmp    upx
  behavioral1/files/0x000a0000000139e6-10.dat                                   upx
  behavioral1/memory/2900-12-0x0000000000170000-0x00000000001AA000-memory.dmp   upx

Suspicious behavior: RenamesItself (1 IoC)
  pid 2900  769c16e88884c18e6036ed2d31432fd4.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 2900  769c16e88884c18e6036ed2d31432fd4.exe
  pid 2928  769c16e88884c18e6036ed2d31432fd4.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2900 wrote to memory of 2928   2900  769c16e88884c18e6036ed2d31432fd4.exe  29
  PID 2900 wrote to memory of 2928   2900  769c16e88884c18e6036ed2d31432fd4.exe  29
  PID 2900 wrote to memory of 2928   2900  769c16e88884c18e6036ed2d31432fd4.exe  29
  PID 2900 wrote to memory of 2928   2900  769c16e88884c18e6036ed2d31432fd4.exe  29
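The "upx" YARA rule above fired on two memory dumps of PID 2900 and on one dropped file, which says the image carries the UPX packer's markers, not that UPX itself is malicious (plenty of legitimate software ships UPX-packed). The following is an added example, not part of the tria.ge report or of its rule set: a minimal PE section-table parser that applies the static checks such a rule usually rests on (UPX0/UPX1 section names, a zero-raw-size UPX0 placeholder, the "UPX!" marker string). The sample's actual section layout is not on this page, so the input is a constructed PE header built by `build_sample_pe`, and all function names are this example's own.

```python
"""
Added example (not tria.ge code): static UPX indicators from a PE header.
The PE image fed in is constructed inline; the report's sample is not used.
"""
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
SECTION_HEADER_SIZE = 40


def pe_sections(data: bytes):
    """Return [(name, virtual_size, virtual_address, raw_size, raw_ptr), ...]
    read from the section table of a PE image (PE32 or PE32+)."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, rptr))
    return sections


def upx_indicators(data: bytes):
    """List the static UPX hints found; an empty list means no indicator."""
    sections = pe_sections(data)
    hits = []
    upx_names = [s[0] for s in sections if s[0].startswith("UPX")]
    if upx_names:
        hits.append("UPX section names: " + ", ".join(upx_names))
    for name, vsize, _vaddr, rsize, _rptr in sections:
        # UPX0 is the empty region the stub decompresses into at run time,
        # so it has virtual size but no bytes on disk.
        if name == "UPX0" and rsize == 0 and vsize > 0:
            hits.append(f"UPX0 raw size 0 with virtual size 0x{vsize:x}")
    if b"UPX!" in data:
        hits.append("UPX! marker string present")
    return hits


def build_sample_pe(section_names, upx_marker=True):
    """Constructed input only: a minimal PE32 header with the given sections."""
    e_lfanew = 0x40
    dos = IMAGE_DOS_SIGNATURE + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\x0b\x01" + b"\0" * 222        # PE32 magic, rest zeroed (224 bytes)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x102)
    table = b""
    va = 0x1000
    for name in section_names:
        vsize = 0x30000 if name == "UPX0" else 0x9000
        rsize = 0 if name == "UPX0" else 0x9000
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, va, rsize, 0x400, 0, 0, 0, 0, 0xE0000040)
        va += (vsize + 0xFFF) & ~0xFFF
    tail = (b"UPX!" if upx_marker else b"\0\0\0\0") + b"\0" * 12
    return dos + IMAGE_NT_SIGNATURE + coff + optional + table + tail


if __name__ == "__main__":
    for label, names, marker in (("packed", ["UPX0", "UPX1", ".rsrc"], True),
                                 ("plain", [".text", ".data"], False)):
        print(label, upx_indicators(build_sample_pe(names, marker)))
```

On a real sample, read the file with `open(path, "rb").read()` and pass it to `upx_indicators`; memory dumps like the ones the rule matched here still carry the section table at the image base, so the same parser works on `2900-0-0x400000-0x43A000-memory.dmp` once it is sliced from the base address.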
Processes

1. C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe"
   PID: 2900
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. (child of PID 2900) C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe
      command line: C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe
      PID: 2928
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
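The process tree and the signature table together describe one pattern: PID 2900 spawns a second instance from the same path, writes into it four times, and both sides unmap their main image before the child deletes a file and runs as the dropped EXE. The report does not name the technique; the combination is the one a hollowing-style self re-execution produces. As an added example (not tria.ge code, and not a rule the service ships), the script below encodes that pattern as detection logic and runs it over the report's own events. The process records and event list are transcribed from this page; the field names (`sig`, `pid`, `target`, `parent`, `image`) and the function name are this example's own choice.

```python
"""
Added example (not tria.ge code): flag a parent that re-executes its own
image and writes into the child. Input records are transcribed from the
report above; the record layout is this example's own.
"""
from collections import defaultdict

# Transcribed from the report's Processes section (behavioral1 run).
PROCESSES = {
    2900: {"image": r"C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe",
           "parent": None},
    2928: {"image": r"C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe",
           "parent": 2900},
}

# Transcribed from the report's Signatures section, one record per IoC row.
EVENTS = [
    {"sig": "Loads dropped DLL", "pid": 2900},
    {"sig": "Suspicious behavior: RenamesItself", "pid": 2900},
    {"sig": "Suspicious use of UnmapMainImage", "pid": 2900},
    {"sig": "Suspicious use of WriteProcessMemory", "pid": 2900, "target": 2928},
    {"sig": "Suspicious use of WriteProcessMemory", "pid": 2900, "target": 2928},
    {"sig": "Suspicious use of WriteProcessMemory", "pid": 2900, "target": 2928},
    {"sig": "Suspicious use of WriteProcessMemory", "pid": 2900, "target": 2928},
    {"sig": "Suspicious use of UnmapMainImage", "pid": 2928},
    {"sig": "Executes dropped EXE", "pid": 2928},
    {"sig": "Deletes itself", "pid": 2928},
]

WRITE_SIG = "Suspicious use of WriteProcessMemory"
UNMAP_SIG = "Suspicious use of UnmapMainImage"


def self_reexec_with_injection(processes, events):
    """Return one finding per parent/child pair where the child was started
    from the parent's own image path and the parent wrote into it.
    UnmapMainImage on either side is reported as supporting evidence."""
    writes = defaultdict(int)     # (writer pid, target pid) -> count
    unmapped = set()
    for ev in events:
        if ev["sig"] == WRITE_SIG:
            writes[(ev["pid"], ev["target"])] += 1
        elif ev["sig"] == UNMAP_SIG:
            unmapped.add(ev["pid"])

    findings = []
    for pid, info in processes.items():
        parent = info["parent"]
        if parent is None or parent not in processes:
            continue
        same_image = processes[parent]["image"].lower() == info["image"].lower()
        count = writes.get((parent, pid), 0)
        if same_image and count:
            findings.append({
                "parent": parent,
                "child": pid,
                "image": info["image"],
                "writes": count,
                "unmap": sorted(unmapped & {parent, pid}),
                "verdict": "self re-execution with cross-process memory write",
            })
    return findings


if __name__ == "__main__":
    for f in self_reexec_with_injection(PROCESSES, EVENTS):
        print(f)
```

The path comparison is the part that keeps this rule narrow: a parent writing into an unrelated child it launched (an updater patching a helper, a debugger) does not match, while a copy that re-launches itself and immediately injects does. Feeding real telemetry in means mapping your EDR's process-create and cross-process-write events onto the same three fields.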
Network
MITRE ATT&CK Matrix
Downloads

File (101KB)
Filesize: 101KB
MD5: b2d7f302d325792eb5119549f35881d1
SHA1: 4a8733e4e3b36947abd3bfe0bca1b4e9f3d76b35
SHA256: cbfbaf9ffdf8ae6b19774ea61cc63e2e95a37688db76256cab525fe834ae6436
SHA512: 76dde4b4a38cd179d025fbbf6fb3b3d553388c734078786deb57003b2277baf019902acdf7f56004f0174459343d10c9d3529c984ef4ff7024291b4e824d8c33

Note: this file has the same size (101KB) as the submitted sample but different MD5/SHA1/SHA256/SHA512 values, so it is not a byte-identical copy of the sample; hash it separately rather than reusing the sample's indicators.