Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 00:29
Behavioral task: behavioral1
- Sample: 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Resource: win10v2004-20231215-en
General
- Target: 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Size: 2.4MB
- MD5: 0897fc15dab686aefb5ad0ef2a153aa8
- SHA1: 2ac7d1e589bd2d9d7970ebe004119bbadf88b4b4
- SHA256: 3bf8f114cae4af01e2eb3a0f0ee13ebf678fdc039a7f92053f612cd1723b5269
- SHA512: d17a8a93da1dc1734d51f256661d7e452cfb50b5b2f573dd0f6da312d34223c8463fae8f3d91657f7d914335352b9d26a9a8075ad1773136539c408f0ffe7b29
- SSDEEP: 49152:w5mmc0Ng/j2tFwKZrae+jnYyrtxr1hTWZ29P4M338dB2IBlGuuDVUsdxxjr:WmmvNsatFWev0P1Iogg3gnl/IVUs1jr
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2128, process 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Executes dropped EXE (1 IoC)
  pid 2128, process 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Loads dropped DLL (1 IoC)
  pid 2004, process 0897fc15dab686aefb5ad0ef2a153aa8.exe
- YARA rule "upx" matched on the following resources:
  behavioral1/files/0x000a000000014825-15.dat
  behavioral1/files/0x000a000000014825-12.dat
  behavioral1/files/0x000a000000014825-10.dat
  behavioral1/memory/2004-0-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2004, process 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2004, process 0897fc15dab686aefb5ad0ef2a153aa8.exe
  pid 2128, process 0897fc15dab686aefb5ad0ef2a153aa8.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2004 wrote to memory of 2128 | 2004 | 0897fc15dab686aefb5ad0ef2a153aa8.exe | 17
  PID 2004 wrote to memory of 2128 | 2004 | 0897fc15dab686aefb5ad0ef2a153aa8.exe | 17
  PID 2004 wrote to memory of 2128 | 2004 | 0897fc15dab686aefb5ad0ef2a153aa8.exe | 17
  PID 2004 wrote to memory of 2128 | 2004 | 0897fc15dab686aefb5ad0ef2a153aa8.exe | 17
Processes
1. C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe"
   PID: 2004
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe (child of process 1)
      Command line: C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
      PID: 2128
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 347KB
  MD5: 13258e2c53fdf8aec1080e6931be84e7
  SHA1: 5a268d022ee3101881eabbdb8ff488049207a4de
  SHA256: 092cd018113c8b1ec2552e8e4f9447666372bcbeb1e31e4bdcbd3d1db82e6f8e
  SHA512: 79ce20e150f2c842f8aebd231f8ba79ee9fe779b1f7f33d62e2f4ba89087e38422a671e0f545ad5d03ad8ebbb924b9a80044ed4d94c704fdd217939855b2b654
- Filesize: 93KB
  MD5: 4303e599d7f1cd82bc3a156775176dae
  SHA1: 56ba3c0d52bcd040b6a7a92bccc02c3892fcffad
  SHA256: 50d96560ff38f95a28b1151d3d493d3cb113240e87e95f3a7db83e0cdbc3d54c
  SHA512: 1bee4f881701b2bc631c404aa4efa0e8e8f8cff26f6fbbeee198f61e66d557e5067efac566a3dcf478799c24b8826b160eeca08fc57c53f14091a2403f56c99e