Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 3s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 29/12/2023, 22:51
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 062805c07957532b9e6d32b8c35d3773.exe
  - Resource: win7-20231129-en
Behavioral task
- behavioral2
  - Sample: 062805c07957532b9e6d32b8c35d3773.exe
  - Resource: win10v2004-20231215-en
General
- Target: 062805c07957532b9e6d32b8c35d3773.exe
- Size: 385KB
- MD5: 062805c07957532b9e6d32b8c35d3773
- SHA1: 9e2d90c509309ba8ba28d5fd1eac9bc8c93bbdb6
- SHA256: ad0da498acb532c42dac866229fc90beef5ed722537ae13464be70719e844b79
- SHA512: a04deda6fe4768569618d1d37cc491e9ce72ec166a9c8a972b523b4a56e7d6bb0f77b82e6b3ae72f8a004f6daddc2446758c3ead22b733ce5f2b000afd70eaa6
- SSDEEP: 12288:kIyl2o/eHb/J4Wg3KeFAbjGn0Cnt1enZB:kIyY4wb6b3KI/0ePeZB
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1712, process 062805c07957532b9e6d32b8c35d3773.exe
- Executes dropped EXE (1 IoC)
  pid 1712, process 062805c07957532b9e6d32b8c35d3773.exe
- Loads dropped DLL (1 IoC)
  pid 2892, process 062805c07957532b9e6d32b8c35d3773.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2892, process 062805c07957532b9e6d32b8c35d3773.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2892, process 062805c07957532b9e6d32b8c35d3773.exe
  pid 1712, process 062805c07957532b9e6d32b8c35d3773.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2892 wrote to memory of 1712 | 2892 | 062805c07957532b9e6d32b8c35d3773.exe | 17
  PID 2892 wrote to memory of 1712 | 2892 | 062805c07957532b9e6d32b8c35d3773.exe | 17
  PID 2892 wrote to memory of 1712 | 2892 | 062805c07957532b9e6d32b8c35d3773.exe | 17
  PID 2892 wrote to memory of 1712 | 2892 | 062805c07957532b9e6d32b8c35d3773.exe | 17
Processes
- C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe"
  PID: 2892
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe
    PID: 1712
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 423B
  MD5: fbd0c300d104542c1058ac1606f8a17e
  SHA1: cdcafc41ca7eb46d46bd259113a16b8d27451a97
  SHA256: 72006c418bfcad0e35ace75bede725aeeccfec2f8f7e8e4a560e8a0c040e388c
  SHA512: 7c080306d2722315004cdf6df1c38822e80601bccb28535d97af9a0555c1dd6a2089eb2b60c47f6a9a5ce6f50aa7c534d809cdab9d226af3b2a206a64e3f52bf
- Filesize: 14KB
  MD5: 1211c5cef319aafdea12aa6c728da403
  SHA1: 955cc80dc23ef15ad928f4a2be2bdce025770eae
  SHA256: 36fa30e613038e530721672281bb252c6ccb872962e3e9384c9223af6996a9ad
  SHA512: 9554dc80b5006600f54808b194b792bd60a267133e95df4012acb0b167e3d7abb7ab6eba18e5b48a9ca5729a2efbed47829f5ad781bc9af8a186c0f53f56ea3f
- Filesize: 17KB
  MD5: ee11ce0b16220e62048fbc2eb8bd109a
  SHA1: e39dbc90b13b73cb9cc69df2e1332d751bcd0519
  SHA256: 680cf5e841c33bd46b1d3868c5e53da4891dba9e6b4124266dc9c70d533fd2fc
  SHA512: 326c503ddda62f9e40717c983266034f80b7770c7a829ead3750ad0efa5e3c6900044b945984f092e85ffddc95abeb7924e959fcb2f526f35a49d1001721b127