Analysis
max time kernel: 122s
max time network: 138s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 00:48
Behavioral task: behavioral1
Sample: 090de8bc81e25fa7bef4385d7d361c16.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 090de8bc81e25fa7bef4385d7d361c16.exe
Resource: win10v2004-20231215-en
General
Target: 090de8bc81e25fa7bef4385d7d361c16.exe
Size: 2.9MB
MD5: 090de8bc81e25fa7bef4385d7d361c16
SHA1: c72535e0e6281f5ea420ee52f88fc9facc578210
SHA256: 8742b1e29a76241eb6922566daa29ca63e58b44ee4462257cf859f21dba2d64c
SHA512: 8c7728b75736ed39d760fd41f89db91dbdb4b34a4752875810d0b92729a3d1074ebcf7f849dd0ce9a27fd766c09c468401c2bb75f4088f8d9d65f225a24d377c
SSDEEP: 49152:NURK5DkQF2VWfIERWxSsD4tTXMmTP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:KIDkeKWfIq2T8gg3gnl/IVUs1jePs
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 2668, process 090de8bc81e25fa7bef4385d7d361c16.exe

Executes dropped EXE (1 IoC)
  pid 2668, process 090de8bc81e25fa7bef4385d7d361c16.exe

Loads dropped DLL (1 IoC)
  pid 2248, process 090de8bc81e25fa7bef4385d7d361c16.exe

yara_rule matches (rule: upx)
  behavioral1/memory/2248-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/memory/2668-17-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x0009000000012266-13.dat
  behavioral1/files/0x0009000000012266-10.dat

Suspicious behavior: RenamesItself (1 IoC)
  pid 2248, process 090de8bc81e25fa7bef4385d7d361c16.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 2248, process 090de8bc81e25fa7bef4385d7d361c16.exe
  pid 2668, process 090de8bc81e25fa7bef4385d7d361c16.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2248 wrote to memory of 2668; pid 2248; process 090de8bc81e25fa7bef4385d7d361c16.exe; procid_target 20 (this entry is recorded four times)
Processes
1. "C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe" (PID 2248)
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe (PID 2668, child of PID 2248)
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
File 1
Filesize: 31KB
MD5: d784d938d2df03e5ce97e6a710c4b775
SHA1: 61b14f4dcb9a02557f20adf179ce52de1c21afa9
SHA256: 3bc2b2b2f2f3cd7228872a5a5187fceed069083359fcda80f5bf40b34e1d5953
SHA512: 8db0d599a98ab5913dae8304b748b478ee348adc5adca579b3d36b2c62ce9ccd0183ad5799676efea0dd4a9e5afeb5a6478b3422c96ac5ca2604d52435f471ca

File 2
Filesize: 90KB
MD5: cf67fa52b4d0f5b96c6dc09ed20a227e
SHA1: e7ea466122f4a02f6ea2570b2d847b10dcbda161
SHA256: 14957ea18ba487d4e2bca2e55218b588f5bf776f0e973527e888d43b04ba7aa8
SHA512: 6e157ae5f47a084ba6a74389315105c5c8ab29d464e17160cd4dc831c6f5ae7545a94e784967571a5bf26fbac5c2ad79bf5d7d8e1366a91522b7ff2add2cb46d