Analysis
- max time kernel: 3s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 07:04
Static task: static1
Behavioral task: behavioral1
- Sample: 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Resource: win10v2004-20231215-en
General
- Target: 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Size: 385KB
- MD5: 11b0bf6731b2d4a8b2a433fb028f48e5
- SHA1: 889bb733773142c711d447569c0b1947aae15069
- SHA256: 014e86f83200895728bff7b86d5eec1cec82003ac8c8fdede1f9db78d7be8585
- SHA512: cb41710c1cfc85124b1ceb4a0ab1c33fceb5fb39c5ba80ce9461aab6cd6c32bd7adc2dbc9db9a1cce0627593ea41edba0e855cee21f7d1e467a098154727a975
- SSDEEP: 12288:2605Rc7LYWu/upkzFQnXX88xsg7UaMn8rJRUynEMSg4N/dO7tHB:705RgLYtSSQXJswlB
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2936, process 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Executes dropped EXE (1 IoCs)
  pid 2936, process 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Loads dropped DLL (1 IoCs)
  pid 2396, process 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2396, process 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2396, process 11b0bf6731b2d4a8b2a433fb028f48e5.exe
  pid 2936, process 11b0bf6731b2d4a8b2a433fb028f48e5.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2396 wrote to memory of 2936; pid 2396; process 11b0bf6731b2d4a8b2a433fb028f48e5.exe; procid_target 16
  description: PID 2396 wrote to memory of 2936; pid 2396; process 11b0bf6731b2d4a8b2a433fb028f48e5.exe; procid_target 16
  description: PID 2396 wrote to memory of 2936; pid 2396; process 11b0bf6731b2d4a8b2a433fb028f48e5.exe; procid_target 16
  description: PID 2396 wrote to memory of 2936; pid 2396; process 11b0bf6731b2d4a8b2a433fb028f48e5.exe; procid_target 16
Processes
- C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe
  command line: C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe
  PID: 2936
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
- C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe"
  PID: 2396
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 92KB
- MD5: ab094a0efe04912ad2a0314b6fbf7902
- SHA1: 4f8ae8545e5f932966c723b3d962b7d5daa4efc1
- SHA256: 162d8cc573978f6cc9531a3ddfe340b97763ee16c189a16f90ef8c42de537f08
- SHA512: 1061a78f71fd355976988159ca73f7d5b16154d14d44665de85d1330b4807b774fee6bfaf1e9bbcf1e78e61e11a870ad6388c6afa8faaeb069ee77ad90aeb2c2