Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 03:50
Static task: static1
Behavioral task: behavioral1
  Sample: 0d79e7323786394f0d89b4d7590e96fa.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0d79e7323786394f0d89b4d7590e96fa.exe
  Resource: win10v2004-20231222-en
General
Target: 0d79e7323786394f0d89b4d7590e96fa.exe
Size: 82KB
MD5: 0d79e7323786394f0d89b4d7590e96fa
SHA1: b642482b0980ec5e2031df05b9119fa76be9f230
SHA256: baca6a8dda4cbb1da93b5c2b418bd6a45b63b7ad8a5cc919e46bae6823a646e1
SHA512: cbcd523cf2d2dd768d28e9a37b6ae5f169a2f8fd58406b7557ffdca54446a5f758fd2817e02eca0ababf6624e3fdaf16519995fdf790cb71e62a2f3d32237c09
SSDEEP: 1536:CIw4srbbYvfW+CDMEXEAGKhpEbnmNHPNlTvc4Mj9MPhYVzRHENy/PYKp44TG5V:nFsrY3W+nE0AGKYbEHbwD+mzRusgKp4z
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 1808, Process 0d79e7323786394f0d89b4d7590e96fa.exe
Executes dropped EXE (1 IoC)
  pid 1808, Process 0d79e7323786394f0d89b4d7590e96fa.exe
Loads dropped DLL (1 IoC)
  pid 1156, Process 0d79e7323786394f0d89b4d7590e96fa.exe
Suspicious behavior: RenamesItself (1 IoC)
  pid 1156, Process 0d79e7323786394f0d89b4d7590e96fa.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 1156, Process 0d79e7323786394f0d89b4d7590e96fa.exe
  pid 1808, Process 0d79e7323786394f0d89b4d7590e96fa.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1156 wrote to memory of 1808 | 1156 | 0d79e7323786394f0d89b4d7590e96fa.exe | 29
  PID 1156 wrote to memory of 1808 | 1156 | 0d79e7323786394f0d89b4d7590e96fa.exe | 29
  PID 1156 wrote to memory of 1808 | 1156 | 0d79e7323786394f0d89b4d7590e96fa.exe | 29
  PID 1156 wrote to memory of 1808 | 1156 | 0d79e7323786394f0d89b4d7590e96fa.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\0d79e7323786394f0d89b4d7590e96fa.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\0d79e7323786394f0d89b4d7590e96fa.exe"
   PID: 1156
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\0d79e7323786394f0d89b4d7590e96fa.exe (child of PID 1156)
      Command line: C:\Users\Admin\AppData\Local\Temp\0d79e7323786394f0d89b4d7590e96fa.exe
      PID: 1808
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: 8799b6891952a896316bdf52f07a3402
SHA1: e4dddae1267a7c586438fcd0439acbd1690bfa1d
SHA256: a986c2795f20455dfa9b80717a4c08e575f355049bcd1ef7c4804d281d65103f
SHA512: 9d8704ac79145d6a40f6292b9d4d1fac267d4186961dc317eabaead0a46bc4d5970c643ff86c81c7a8188cbc6067ccc2078f60d89cd03d35825b329bef69e903