Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30/12/2023, 07:30
General
-
Target
122f75e955506c1d65d0744d5df91673.exe
-
Size
82KB
-
MD5
122f75e955506c1d65d0744d5df91673
-
SHA1
e2f265c9fcbdc238cbd295ca28d4fe518d6be037
-
SHA256
1280550c5d640fb36e549b26dd9736f9bab031dd9da33747e3667294566f896b
-
SHA512
647be8cd7d1276ca8e5ae0e238b600076980a5af6ae44b386cd30e704c64f3922f2c6b26d7a8410a770a584cb0e1f71bbee5124e98d88dccca24b83633684015
-
SSDEEP
1536:zR9G+mQWL66LKrF1QJMPhHLTYvW4Yr/5kO3RwAw:DG+x6LKrj2M5Ij4BC
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe"C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exeC:\Users\Admin\AppData\Local\Temp\122f75e955506c1d65d0744d5df91673.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
82KB
MD5fd34032140608c61702b5e00208f6795
SHA13c021979fbee273a30f8210d652ac7e86912a438
SHA256690bba0326bb0e8cb97233081fe73ca9040977945c52ff02c9ac3a5aedefa256
SHA5121db0098f45d680525bcccb1aae9353c6cdc30f1038a62203c4c616e55ee3a8412b889ceb3be4cecfc5b1e09ba13c64dd20f2acae5d3d33c2b76c307b9b753293
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
56KB
-
Filesize
108KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
108KB
-
Filesize
188KB
-
Filesize
108KB