Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/12/2023, 19:27
Behavioral tasks
- behavioral1: sample 01b210320422d9bf04f2bba90a1726d6.exe, resource win7-20231215-en
- behavioral2: sample 01b210320422d9bf04f2bba90a1726d6.exe, resource win10v2004-20231215-en
The yara matches listed under Signatures all reference behavioral1 (the Windows 7 run); no behavioral2 results appear on this page.
General
- Target: 01b210320422d9bf04f2bba90a1726d6.exe
- Size: 2.7MB
- MD5: 01b210320422d9bf04f2bba90a1726d6
- SHA1: 8eb031852fb1ae4928b68db0f579840533b3b219
- SHA256: 5fcc3f7143e906f8c4ca5dd9535d1b3c67a9169f3a963c5c44d9fc3bde83d57f
- SHA512: 289ad05ac133274adf2ec39ad1a26fee608ac8e19c0d70fb2939e36cc464ecdcee6582aba798535d1494787875dfea1752059267d46feb28f102392439a4ee67
- SSDEEP: 49152:iuyAVsuoIdZAkhP4LtUzyahjeR9gt0/p4dBRAzhRITJTNx26LGjR9j:NyAVmqZZStayahjeHg+/Gd0hQJTxLsHj
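Before trusting a report's verdict, a practitioner usually re-derives the digests from the local copy of the sample and checks the packer indicator the yara hits below point at (the rule named upx). The following is an added example, not Triage's code: it computes the digests the General section lists, compares them to the reported values, and parses the PE section table to look for UPX-style section names. It uses only the Python standard library, so SSDEEP is omitted (that needs a third-party fuzzy-hash module). The stub PE it runs on is constructed inline and is not the sample.

```python
"""Verify reported digests and check for UPX section names in a PE file.

Added example for this report; not tria.ge code. Standard library only.
"""
import hashlib
import struct

# Digests copied from the report's General section (MD5/SHA1/SHA256).
REPORTED = {
    "md5": "01b210320422d9bf04f2bba90a1726d6",
    "sha1": "8eb031852fb1ae4928b68db0f579840533b3b219",
    "sha256": "5fcc3f7143e906f8c4ca5dd9535d1b3c67a9169f3a963c5c44d9fc3bde83d57f",
}


def digests(data: bytes) -> dict:
    """Return hex digests for the algorithms the report lists (minus ssdeep)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def compare_to_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Map each reported algorithm to True/False for whether `data` matches."""
    actual = digests(data)
    return {algo: actual[algo] == value.lower() for algo, value in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names in order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size                              # after optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]          # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Weak indicator: stock UPX leaves sections named UPX0/UPX1 (easily renamed)."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_stub_pe(section_names) -> bytes:
    """Constructed test input: a header-only PE with the given section names."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> 0x40
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0, no optional header), Characteristics
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sections = b"".join(n.encode().ljust(8, b"\x00") + bytes(32) for n in section_names)
    return bytes(dos) + coff + sections


# Constructed stand-in for the sample (the real file is not embedded here).
STUB_PACKED = build_stub_pe(["UPX0", "UPX1", ".rsrc"])
STUB_PLAIN = build_stub_pe([".text", ".data", ".rsrc"])

if __name__ == "__main__":
    print("sections:", pe_section_names(STUB_PACKED), "upx:", looks_upx_packed(STUB_PACKED))
    print("matches report:", compare_to_report(STUB_PACKED))
```

Run it against the real sample by reading the file into `data` and calling `compare_to_report(data)` and `looks_upx_packed(data)`. Note the caveat: the report's upx rule fired on the memory dumps and the dropped .dat files, not only on section names, so a file without UPX0/UPX1 can still be packed; treat the section-name check as a quick triage hint, not proof either way.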
Malware Config
Signatures
- Deletes itself (1 IoC): PID 2792, 01b210320422d9bf04f2bba90a1726d6.exe
- Executes dropped EXE (1 IoC): PID 2792, 01b210320422d9bf04f2bba90a1726d6.exe
- Loads dropped DLL (1 IoC): PID 2444, 01b210320422d9bf04f2bba90a1726d6.exe
- yara rule upx (4 matches):
  behavioral1/memory/2444-0-0x0000000000400000-0x00000000008E7000-memory.dmp
  behavioral1/files/0x000b000000012238-10.dat
  behavioral1/files/0x000b000000012238-14.dat
  behavioral1/memory/2792-17-0x0000000000400000-0x00000000008E7000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC): PID 2444, 01b210320422d9bf04f2bba90a1726d6.exe
- Suspicious use of UnmapMainImage (2 IoCs): PID 2444 and PID 2792, 01b210320422d9bf04f2bba90a1726d6.exe
- Suspicious use of WriteProcessMemory (4 IoCs): PID 2444 (01b210320422d9bf04f2bba90a1726d6.exe) wrote to the memory of PID 2792 (procid_target 28) four times
Read together: the parent (2444) starts a second copy of the same image (2792), writes into it four times, and both processes unmap their main image, a sequence consistent with self-injection or process hollowing. The page does not show what was written, so that reading is an inference from the signatures, not a confirmed finding.
Processes
C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe (PID 2444, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  └ C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe (PID 2792, depth 2, child of 2444)
      command line: C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
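The process tree above is the kind of pattern a detection engineer wants to catch on a real endpoint, not just in a sandbox: a process spawning a second instance of its own image from a Temp path and then writing into that child's memory. The following is an added example, not Triage's signature logic. The event schema (`process_create`, `write_process_memory`, `unmap_main_image`, and so on) is my own simplification, and the event list is constructed from the PIDs and signatures on this page; on a live host the same facts would come from a telemetry source such as Sysmon (process creation in Event ID 1, cross-process access in Event ID 10).

```python
"""Flag the self-spawn + WriteProcessMemory pattern in a process event stream.

Added example for this report; not tria.ge code. The event schema is assumed.
"""
from collections import defaultdict

IMAGE = r"C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe"

# Constructed from the report: 2444 launches a copy of itself as 2792, writes to
# the child's memory four times, and both processes unmap their main image.
# The parent of 2444 is not on the page, so its ppid is left unknown (None).
EVENTS = [
    {"type": "process_create", "pid": 2444, "ppid": None, "image": IMAGE},
    {"type": "process_create", "pid": 2792, "ppid": 2444, "image": IMAGE},
    {"type": "unmap_main_image", "pid": 2444},
    *[{"type": "write_process_memory", "pid": 2444, "target_pid": 2792} for _ in range(4)],
    {"type": "unmap_main_image", "pid": 2792},
    {"type": "renames_itself", "pid": 2444},
    {"type": "deletes_itself", "pid": 2792},
]

SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def find_self_injection(events, min_writes=1):
    """Return findings where a parent writes into a child running the same image.

    Severity is raised when the child also unmapped its main image (the hollowing
    tell) or when the image lives in a temp directory.
    """
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    writes = defaultdict(int)
    unmapped = set()
    for e in events:
        if e["type"] == "write_process_memory":
            writes[(e["pid"], e["target_pid"])] += 1
        elif e["type"] == "unmap_main_image":
            unmapped.add(e["pid"])

    findings = []
    for (src, dst), count in writes.items():
        child, parent = procs.get(dst), procs.get(src)
        if child is None or parent is None or child["ppid"] != src:
            continue                         # only parent -> child writes
        if child["image"].lower() != parent["image"].lower():
            continue                         # only same-image children
        if count < min_writes:
            continue
        score = 1
        score += dst in unmapped             # child's image replaced
        score += any(d in child["image"].lower() for d in SUSPICIOUS_DIRS)
        findings.append({
            "parent": src, "child": dst, "writes": count,
            "child_unmapped_image": dst in unmapped,
            "severity": {1: "low", 2: "medium", 3: "high"}[score],
        })
    return findings


if __name__ == "__main__":
    for f in find_self_injection(EVENTS):
        print(f)
```

The same-image check is what keeps this rule quiet on ordinary installers and updaters, which inject into other processes but rarely into a copy of themselves; tune `min_writes` upward if a legitimate self-spawning application on your estate writes into its children.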
-
Network
MITRE ATT&CK Matrix
Downloads
Artifacts from the run available for download (the page does not name them):
- Filesize: 2.7MB (same reported size as the submitted sample, different digests)
  MD5: a16dec959f99ed09da3cc8febff77418
  SHA1: f6d9bebd49bf177f7e6efd50f8b41a6f45da2a39
  SHA256: 329a069ae889e8f8d196ae67331be28a40fc598bac2f9b2aa689f99fa87a0dbc
  SHA512: 3a6df4e257ecbbaabc4eb2d917b6c209272e5c04af2450357ba64a7c621b1da464f7770bca2da7c029bc98ff0ded57e946318684322cf68039af12d56611c703
- Filesize: 64KB
  MD5: 9f8e1c0bc31e2957b2c9db760da44bbc
  SHA1: 82d65f81f400cea99d046264d2156d019e7ce4af
  SHA256: ad2bbaae3296f0c7571cd25d00ac3c11aa0edb82b74eae31f5d6c3749e4b5501
  SHA512: bef5b34272b29d2db1a151c9e79f1702e38f3b6b967922f2bb261d2d5580cd8056ddb92d48732406b5450464b53ad3a92b0d2d1dd6700106076d9d25ed073fbe