Analysis
max time kernel: 140s
max time network: 141s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 23:49
Behavioral task: behavioral1
Sample: 2095d9e376e2785ef1d8834deb2c2f53.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 2095d9e376e2785ef1d8834deb2c2f53.exe
Resource: win10v2004-20231215-en
General
Target: 2095d9e376e2785ef1d8834deb2c2f53.exe
Size: 1.3MB
MD5: 2095d9e376e2785ef1d8834deb2c2f53
SHA1: 63ed6f00c75e44da025a37bd962c05c9df6341eb
SHA256: adf7a8ce9a3f261d36bcd8a89078368997b4bf0065f9340f0b8938bd28f4fe45
SHA512: beefbd5d4d96570c87123b219e7b9f195feb3c81e82b824e94655f1ce897e42260f14f1ba78edb95d03143fee6238f621de785ee6c1dea9b16fcabec53728164
SSDEEP: 24576:xC4szuXktwpE7c+QKs5Cmuu8vNyn1blE5DXCvG:w4hAKE7c+QKs5Cmmc18z
Malware Config
Signatures

Deletes itself (1 IoCs)
pid   Process
1740  2095d9e376e2785ef1d8834deb2c2f53.exe

Executes dropped EXE (1 IoCs)
pid   Process
1740  2095d9e376e2785ef1d8834deb2c2f53.exe

Loads dropped DLL (1 IoCs)
pid   Process
1244  2095d9e376e2785ef1d8834deb2c2f53.exe

resource                                                                    yara_rule
behavioral1/memory/1244-0-0x0000000000400000-0x000000000086A000-memory.dmp  upx
behavioral1/files/0x000a00000001224d-11.dat                                 upx

Suspicious behavior: RenamesItself (1 IoCs)
pid   Process
1244  2095d9e376e2785ef1d8834deb2c2f53.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
1244  2095d9e376e2785ef1d8834deb2c2f53.exe
1740  2095d9e376e2785ef1d8834deb2c2f53.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 1244 wrote to memory of 1740  1244  2095d9e376e2785ef1d8834deb2c2f53.exe  17
PID 1244 wrote to memory of 1740  1244  2095d9e376e2785ef1d8834deb2c2f53.exe  17
PID 1244 wrote to memory of 1740  1244  2095d9e376e2785ef1d8834deb2c2f53.exe  17
PID 1244 wrote to memory of 1740  1244  2095d9e376e2785ef1d8834deb2c2f53.exe  17
Processes

C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe (PID 1244)
  command line: "C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe (PID 1740, child of 1244)
    command line: C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 382KB
MD5: da47433f8f496b4d8934d95f53525209
SHA1: 01eef568738a740edbdffb0b2727a0726cc046ba
SHA256: 0b52c0a79082eaa01d2ddcf46c4bf5b57306375ed6a84dde05cbb1dff8f3aba1
SHA512: 8c62e50bf5f16a1b7dde7c326b25308f8b3769d1d1f1e9998d9301d03ee71e5974e3ae4f1f9175b6f1a188f35ec04dbf8925549a55bb30dfa9ac6ff8c80191f2