Analysis
  max time kernel: 120s
  max time network: 128s
  platform: windows7_x64
  resource: win7-20231215-en
  resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted: 30/12/2023, 05:09
Behavioral task: behavioral1
  Sample: 0fa43c2811486255c977a77411b02aa7.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0fa43c2811486255c977a77411b02aa7.exe
  Resource: win10v2004-20231222-en
General
  Target: 0fa43c2811486255c977a77411b02aa7.exe
  Size: 2.7MB
  MD5: 0fa43c2811486255c977a77411b02aa7
  SHA1: f94f51f576361d8ba6694c7e519d2b3bc49038e1
  SHA256: 0a00c03e251b79f0ed35f8fce2be7f4531c901058f2304e2e4e66bbcfaf1dfbe
  SHA512: e84825341ef8a73fba5c9615675a82f3169bc5986f701fa42f553e9cb06ce2914d5243ea56dfa91bf36cfa6a16009c07108027182d47ae6e0bd6972ca9224222
  SSDEEP: 49152:ukV8msJ1E4Qnlg0dCGCjR2LGSFJZR9ktBc1+Q4YdxSChG38bDUggR9t:R8mYE4Qnlg0dCTxkHktBcwQDM2YIDULN
Malware Config
Signatures
  Deletes itself (1 IoCs)
    pid   Process
    1972  0fa43c2811486255c977a77411b02aa7.exe
  Executes dropped EXE (1 IoCs)
    pid   Process
    1972  0fa43c2811486255c977a77411b02aa7.exe
  Loads dropped DLL (1 IoCs)
    pid   Process
    1888  0fa43c2811486255c977a77411b02aa7.exe
  yara_rule matches
    resource                                                                     yara_rule
    behavioral1/memory/1888-0-0x0000000000400000-0x00000000008E7000-memory.dmp  upx
    behavioral1/files/0x000900000001222c-10.dat                                  upx
    behavioral1/files/0x000900000001222c-14.dat                                  upx
  Suspicious behavior: RenamesItself (1 IoCs)
    pid   Process
    1888  0fa43c2811486255c977a77411b02aa7.exe
  Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    1888  0fa43c2811486255c977a77411b02aa7.exe
    1972  0fa43c2811486255c977a77411b02aa7.exe
  Suspicious use of WriteProcessMemory (4 IoCs)
    description                       pid   Process                               procid_target
    PID 1888 wrote to memory of 1972  1888  0fa43c2811486255c977a77411b02aa7.exe  28
    PID 1888 wrote to memory of 1972  1888  0fa43c2811486255c977a77411b02aa7.exe  28
    PID 1888 wrote to memory of 1972  1888  0fa43c2811486255c977a77411b02aa7.exe  28
    PID 1888 wrote to memory of 1972  1888  0fa43c2811486255c977a77411b02aa7.exe  28
Processes
  C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe"
    - Loads dropped DLL
    - Suspicious behavior: RenamesItself
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    PID:1888
    C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID:1972
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 626KB
    MD5: 04a544130b15a35970fe053eded1356f
    SHA1: fd139e62a503549d5ab74d97b3f702d5ae668dad
    SHA256: fd204e3931c71e500890497485c4a08d31df702ffaee138c9694fb5f3bf0a703
    SHA512: 84a9b0378fa5cd5cdaa33365423b1a8d599ec19bb2ed00a990e983c3e6072ceacf4f57072f7848cc2d2b24c016edfb9ad736c1969f26e31ca7f9ac1e8f18f467
  Filesize: 576KB
    MD5: 10581e5dfaba909cec66737c66b639f8
    SHA1: 59b1840ba3572d1f8fb461d5f930ab84fbe35ca1
    SHA256: 88d319df53fe50201517edd493161bafe12605168f14cbea624abf366812badf
    SHA512: fd5a8f78f9d95f11e79a8ee6a95f44f4c33ac28836b2b0f0714b618465e02552ead49dfa3be036625ab60a6f2911095a238ffea3d9e87adff3b4e9ea8a0d801f