Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 15:12
Static task: static1
Behavioral task: behavioral1
Sample: 782244db11f9cb911a1663a9b96f2183.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 782244db11f9cb911a1663a9b96f2183.exe
Resource: win10v2004-20231215-en
General
Target: 782244db11f9cb911a1663a9b96f2183.exe
Size: 82KB
MD5: 782244db11f9cb911a1663a9b96f2183
SHA1: 33ffa7ca2273cb8f337ac9a1c4c05648cea949a6
SHA256: 92bb40d4ef7be35fa1cbe7af22b558bf1ec11ba35eb9a7d6bbec5b8001f76e55
SHA512: d58344d11d63761b0d80623620719bdceac2c53ad34b0afd6afee4e85699e46897ffa6aeec4aaf91f5542aecfadd77d0b6c67042c7f07f3fe351aef43760b0b9
SSDEEP: 1536:+wDcRB5qwIaX+5Kt5nBm+sN3qfBfxHUhyRg4:PDmBAwIA+C5cDJqfKqg4
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 2540; Process: 782244db11f9cb911a1663a9b96f2183.exe
- Executes dropped EXE (1 IoCs)
  pid: 2540; Process: 782244db11f9cb911a1663a9b96f2183.exe
- Loads dropped DLL (1 IoCs)
  pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe
  pid: 2540; Process: 782244db11f9cb911a1663a9b96f2183.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2240 wrote to memory of 2540; pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe; procid_target: 16
  description: PID 2240 wrote to memory of 2540; pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe; procid_target: 16
  description: PID 2240 wrote to memory of 2540; pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe; procid_target: 16
  description: PID 2240 wrote to memory of 2540; pid: 2240; Process: 782244db11f9cb911a1663a9b96f2183.exe; procid_target: 16
Processes

C:\Users\Admin\AppData\Local\Temp\782244db11f9cb911a1663a9b96f2183.exe
C:\Users\Admin\AppData\Local\Temp\782244db11f9cb911a1663a9b96f2183.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID: 2540

C:\Users\Admin\AppData\Local\Temp\782244db11f9cb911a1663a9b96f2183.exe
"C:\Users\Admin\AppData\Local\Temp\782244db11f9cb911a1663a9b96f2183.exe"
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID: 2240
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: bab776baf478c4d6e7849db9536a4634
SHA1: 02f9a5b20625b065b750ee61731a60d8a43a46f7
SHA256: d992f72e6712b0f00ae4be9db710165cbf736aca77fc40e2caecf8c3daa1a311
SHA512: 183429f0c59acb554d016eda09b1c924f58b013346f818af8d496a7f3e8d7633d527954836ac6f3dc26ab3ee3e0ef3d2b80e9e2db408a46066cff843a4485a5a