Analysis
- max time kernel: 108s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/12/2023, 21:38
Static task
- static1
Behavioral task
- behavioral1
  Sample: 04a04b099ebe0fc8041055c2c7fd8c42.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 04a04b099ebe0fc8041055c2c7fd8c42.exe
  Resource: win10v2004-20231215-en
General
- Target: 04a04b099ebe0fc8041055c2c7fd8c42.exe
- Size: 105KB
- MD5: 04a04b099ebe0fc8041055c2c7fd8c42
- SHA1: 4ae00c6215c961dbb0d09bbb6958a3185b3d40e1
- SHA256: b781965da959c4d73f83825fadb900d56f1732a0a23704c71faa1bef2464bfb0
- SHA512: e6de92e9ce68ccc6451649d2cf8f34048f89389eb60a3bb76e9a420b17684fe5bcb73326a6d30cca54dd325e76b393846d3c44cfb0d0bb0a2b6c513cb90c7d91
- SSDEEP: 3072:k0W7cRqnq4xl0WYt3S73fNuYzyU8J5BrWx:CouqFA1uOZ8J5A
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 3020, Process cmd.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 2616, Process 04a04b099ebe0fc8041055c2c7fd8c42.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2616 wrote to memory of 3020
  pid 2616, Process 04a04b099ebe0fc8041055c2c7fd8c42.exe, procid_target 29
  (this entry is listed four times in the report)
Processes
1. C:\Users\Admin\AppData\Local\Temp\04a04b099ebe0fc8041055c2c7fd8c42.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\04a04b099ebe0fc8041055c2c7fd8c42.exe"
   PID: 2616
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ixb..bat" > nul 2> nul
      PID: 3020
      - Deletes itself
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 210B
  MD5: 2e096ded7979484f819c5732c667d526
  SHA1: c51e610a082c15e9c09c07cb1cd6b3c7deb40bc0
  SHA256: 67cbed5f633fa2046f41070b8053d8d042fd308d78b00ddf8aede68548a9e5d1
  SHA512: 3902a1934e3ba1f1d916d5513ab956a36b093728dab44c90d06af6f3dd76faad1dedd20707e508559e0b62e00f83bc054670f805f1e330c6faadd55269dd9dfb