Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 14:24
Static task
- static1
Behavioral task
- behavioral1
  Sample: 1b557cb7dded392c94fb1e6908a55136.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 1b557cb7dded392c94fb1e6908a55136.exe
  Resource: win10v2004-20231215-en
General
- Target: 1b557cb7dded392c94fb1e6908a55136.exe
- Size: 82KB
- MD5: 1b557cb7dded392c94fb1e6908a55136
- SHA1: 91b14ae94dadbae436afadfda555da7707aace1f
- SHA256: 1cc8deb60b9c18cb30a58b67f92214db64488610551e96ca200a7d6ce35a1b74
- SHA512: 6de27d584ae51fa8a5a81a011c1b7d7eb7e61d054cbafc0b20eeed86bc0a17e4baaa86deb5b2cf786c1116fe84bd1f1411c3b6f2fe99a3d60514d633412014b6
- SSDEEP: 1536:KRPSLf2QTe8mxHHbX6hVFw9MovRhdBGk/u+AiqjyV61HJEVC4CE2o:f2lH+VAndZrD/BlP
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2292, Process 1b557cb7dded392c94fb1e6908a55136.exe
- Executes dropped EXE (1 IoCs)
  pid 2292, Process 1b557cb7dded392c94fb1e6908a55136.exe
- Loads dropped DLL (1 IoCs)
  pid 840, Process 1b557cb7dded392c94fb1e6908a55136.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 840, Process 1b557cb7dded392c94fb1e6908a55136.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 840, Process 1b557cb7dded392c94fb1e6908a55136.exe
  pid 2292, Process 1b557cb7dded392c94fb1e6908a55136.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 840 wrote to memory of 2292 | 840 | 1b557cb7dded392c94fb1e6908a55136.exe | 18
  PID 840 wrote to memory of 2292 | 840 | 1b557cb7dded392c94fb1e6908a55136.exe | 18
  PID 840 wrote to memory of 2292 | 840 | 1b557cb7dded392c94fb1e6908a55136.exe | 18
  PID 840 wrote to memory of 2292 | 840 | 1b557cb7dded392c94fb1e6908a55136.exe | 18
Processes
- C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe"
  PID: 840
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe
    PID: 2292
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 82KB
MD5: 152cdeeb7e55c347fb3db2dd4592def4
SHA1: 05ca59eeb33bf2297e6ab154e42d17e8b60cf8c7
SHA256: d1621f25220356ee328bf0da33b68788c154186a44c0950521d284dec7b6af14
SHA512: e743ccfa733773e633bbd68d3788fd555a956f2c48f169df5c28bc9e7c5ebf8f68d8c178521505c9b0f4e26c5b7625f621d28d91fea81f6137e7578871b846b5