Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29/12/2023, 18:27
Static task: static1

Behavioral task: behavioral1
Sample: 007037a8c51f463b92e1c802d23196be.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 007037a8c51f463b92e1c802d23196be.exe
Resource: win10v2004-20231215-en
General
Target: 007037a8c51f463b92e1c802d23196be.exe
Size: 82KB
MD5: 007037a8c51f463b92e1c802d23196be
SHA1: 095766e06f5b70b18b38d23cdf38c51e16a06bb8
SHA256: af2776260fb74d9d4723d1e127902b17dd07e8c359cc3cd4abb6383598c39ccd
SHA512: 1ce5515ffec6512076e1ff1c657d48e8325a8ea3e6cf1325a928c22273840f1bcd55eca90ddaf063237c34a478306cae3dd96a14227d16c93527169b7df0e866
SSDEEP: 1536:m72T0DE30GCXx7Fxs0rK4E9pe0s9ducdoajXxwQzsGTT5gdUO:1T0Z7BFxs0O4WiZjDIGhgdr
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid: 2352, Process: 007037a8c51f463b92e1c802d23196be.exe

Executes dropped EXE (1 IoCs)
  pid: 2352, Process: 007037a8c51f463b92e1c802d23196be.exe

Loads dropped DLL (1 IoCs)
  pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe

Suspicious behavior: RenamesItself (1 IoCs)
  pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe
  pid: 2352, Process: 007037a8c51f463b92e1c802d23196be.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2476 wrote to memory of 2352, pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe, procid_target: 29
  description: PID 2476 wrote to memory of 2352, pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe, procid_target: 29
  description: PID 2476 wrote to memory of 2352, pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe, procid_target: 29
  description: PID 2476 wrote to memory of 2352, pid: 2476, Process: 007037a8c51f463b92e1c802d23196be.exe, procid_target: 29
Processes

1. PID: 2476
   Image: C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. PID: 2352
      Image: C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: 84c2ddd5cd62beaf2c5ce4c1a3b00e12
SHA1: b2f49ba3380b378b43d01d7d1b308441091e92f3
SHA256: ef6282bcd3ef59e6629db6cc2120d5571f15b22cf82bf3c297762f17ad6371c0
SHA512: 370eab43123f8bf0a5d83e5002e43e7e0248e710d7369d06b91c50f1e8a0d092292a4a57bce398fddacf69a3bbf21543088c3126bdfbdb875114dc71f43b5197