Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/12/2023, 20:01
Behavioral task behavioral1
- Sample: 027cc29a378169652257d69e7254c5f2.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: 027cc29a378169652257d69e7254c5f2.exe
- Resource: win10v2004-20231215-en
General
- Target: 027cc29a378169652257d69e7254c5f2.exe
- Size: 2.9MB
- MD5: 027cc29a378169652257d69e7254c5f2
- SHA1: e9939e3b4462bef4a1a56b2d06dbedab80223ced
- SHA256: e68141124685d932e5b77bb3b0740ca414689243b533e5ffe8dae31165da4cde
- SHA512: bde92b09fba874548a33b97e660d6d862bd404b503965b74555bda886911d348f6b58952b76fc4711a69ca7780d8f43f0464d00472fd70ec4be6d2e7a1b7de30
- SSDEEP: 49152:dOFj3o9byZnteaU3GyNHZyJ8yct0QbN74NH5HUyNRcUsCVOzetdZJ:dG3o0tHUtN5y2tL4HBUCczzM3
Malware Config
Signatures
- Deletes itself (1 IoCs)
  PID 2788: 027cc29a378169652257d69e7254c5f2.exe
- Executes dropped EXE (1 IoCs)
  PID 2788: 027cc29a378169652257d69e7254c5f2.exe
- Loads dropped DLL (1 IoCs)
  PID 2996: 027cc29a378169652257d69e7254c5f2.exe
- YARA rule matches (resource: yara_rule)
  behavioral1/files/0x000d00000001225c-13.dat: upx
  behavioral1/files/0x000d00000001225c-10.dat: upx
  behavioral1/memory/2996-0-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
- Suspicious behavior: RenamesItself (1 IoCs)
  PID 2996: 027cc29a378169652257d69e7254c5f2.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2996: 027cc29a378169652257d69e7254c5f2.exe
  PID 2788: 027cc29a378169652257d69e7254c5f2.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2996 wrote to memory of 2788 | 2996 | 027cc29a378169652257d69e7254c5f2.exe | 17
  PID 2996 wrote to memory of 2788 | 2996 | 027cc29a378169652257d69e7254c5f2.exe | 17
  PID 2996 wrote to memory of 2788 | 2996 | 027cc29a378169652257d69e7254c5f2.exe | 17
  PID 2996 wrote to memory of 2788 | 2996 | 027cc29a378169652257d69e7254c5f2.exe | 17
Processes
1. C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe"
   PID: 2996
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe (child process)
   Command line: C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
   PID: 2788
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 39KB
  MD5: 2f166f385e04aa5235d5f5b2d0893682
  SHA1: 33ea98f63e95b4aa743df4eff9ad4fa5690baff7
  SHA256: 05c071970634e1a5997a1a4e0b4895ea4b1e2fa73face1911188e9d967dd3604
  SHA512: 9e3c492e9364654a2f6b50f31173e8eaf06695fe7a3e6b2d7c65810b0fbc1ee9265ee387ade9d57a4a211f5400df5afa23aadf89ef43dd61ab7fb01782cc4dfe
- Filesize: 10KB
  MD5: ef8cc79c0559750844b86b490de75334
  SHA1: 4188f15bbcfb161b6a5fbd55bd0c718fca6855ba
  SHA256: 3341a399855658224f69a415f93e58070cc76220e6e16974076a602788c4075c
  SHA512: 86f85c5472d2ced33e09bf46f84a368f0d13b8b184e543cc2a64d277f9a45bca9f957de465f444beae1fed0f399769e68a389418c65f315ea1764bede1ffc461