Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
30/12/2023, 07:30
Static task
static1
Behavioral task
behavioral1
Sample
122f75e955506c1d65d0744d5df91673.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
122f75e955506c1d65d0744d5df91673.exe
Resource
win10v2004-20231215-en
General
-
Target
122f75e955506c1d65d0744d5df91673.exe
-
Size
82KB
-
MD5
122f75e955506c1d65d0744d5df91673
-
SHA1
e2f265c9fcbdc238cbd295ca28d4fe518d6be037
-
SHA256
1280550c5d640fb36e549b26dd9736f9bab031dd9da33747e3667294566f896b
-
SHA512
647be8cd7d1276ca8e5ae0e238b600076980a5af6ae44b386cd30e704c64f3922f2c6b26d7a8410a770a584cb0e1f71bbee5124e98d88dccca24b83633684015
-
SSDEEP
1536:zR9G+mQWL66LKrF1QJMPhHLTYvW4Yr/5kO3RwAw:DG+x6LKrj2M5Ij4BC
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1700 122f75e955506c1d65d0744d5df91673.exe -
Executes dropped EXE 1 IoCs
pid Process 1700 122f75e955506c1d65d0744d5df91673.exe -
Loads dropped DLL 1 IoCs
pid Process 2052 122f75e955506c1d65d0744d5df91673.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2052 122f75e955506c1d65d0744d5df91673.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
2052 122f75e955506c1d65d0744d5df91673.exe
1700 122f75e955506c1d65d0744d5df91673.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2052 wrote to memory of 1700 2052 122f75e955506c1d65d0744d5df91673.exe 29
PID 2052 wrote to memory of 1700 2052 122f75e955506c1d65d0744d5df91673.exe 29
PID 2052 wrote to memory of 1700 2052 122f75e955506c1d65d0744d5df91673.exe 29
PID 2052 wrote to memory of 1700 2052 122f75e955506c1d65d0744d5df91673.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe "C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2052 -
C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1700
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5 fd34032140608c61702b5e00208f6795
SHA1 3c021979fbee273a30f8210d652ac7e86912a438
SHA256 690bba0326bb0e8cb97233081fe73ca9040977945c52ff02c9ac3a5aedefa256
SHA512 1db0098f45d680525bcccb1aae9353c6cdc30f1038a62203c4c616e55ee3a8412b889ceb3be4cecfc5b1e09ba13c64dd20f2acae5d3d33c2b76c307b9b753293