Analysis
- max time kernel: 2s
- max time network: 134s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 20:25
Static task
- static1
Behavioral task
- behavioral1
  Sample: 1bd0536bbb58125a5006c1e597e7235f.exe
  Resource: win7-20231129-en
Behavioral task
- behavioral2
  Sample: 1bd0536bbb58125a5006c1e597e7235f.exe
  Resource: win10v2004-20231215-en
General
- Target: 1bd0536bbb58125a5006c1e597e7235f.exe
- Size: 385KB
- MD5: 1bd0536bbb58125a5006c1e597e7235f
- SHA1: 04bc46012d2bb992a812f493a1b33887fccd2ada
- SHA256: 6e0ae996a81e1859fe2a039edffa1bddd0194a15078eb1056314b57d99335167
- SHA512: d37c18a8a35d9009ce073e6e060b0f333f2faa6da17e49f82803722d4d4e8b452842a37c9d098441115a2c42aa872a315dde08cef739927a7023a1753e00cbb4
- SSDEEP: 6144:stB5xZ694yiFHM5SnwozuW7YsIpsRP0cqU8NaNZomeLBXx/V5rP7PB:YBPZPyiC52qW7wpsJuUEwameLBZLB
Malware Config
Signatures
- Deletes itself (1 IoC)
  PID 2620  Process 1bd0536bbb58125a5006c1e597e7235f.exe
- Executes dropped EXE (1 IoC)
  PID 2620  Process 1bd0536bbb58125a5006c1e597e7235f.exe
- Loads dropped DLL (1 IoC)
  PID 2932  Process 1bd0536bbb58125a5006c1e597e7235f.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Suspicious behavior: RenamesItself (1 IoC)
  PID 2932  Process 1bd0536bbb58125a5006c1e597e7235f.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2932  Process 1bd0536bbb58125a5006c1e597e7235f.exe
  PID 2620  Process 1bd0536bbb58125a5006c1e597e7235f.exe
- Suspicious use of WriteProcessMemory (4 IoCs, all four entries identical)
  description: PID 2932 wrote to memory of 2620
  pid: 2932  Process: 1bd0536bbb58125a5006c1e597e7235f.exe  procid_target: 17
Processes
- C:\Users\Admin\AppData\Local\Temp\1bd0536bbb58125a5006c1e597e7235f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1bd0536bbb58125a5006c1e597e7235f.exe"
  PID: 2932
  Signatures:
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - (child) C:\Users\Admin\AppData\Local\Temp\1bd0536bbb58125a5006c1e597e7235f.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\1bd0536bbb58125a5006c1e597e7235f.exe
    PID: 2620
    Signatures:
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- File 1
  Filesize: 381KB
  MD5: 74fdb19c03fae6012510387ec7808625
  SHA1: f33db3ece77104da37c5d13c10af6c323c5cdc2e
  SHA256: 3ecc45084096007a59a616757bfc6dfad9816e590ad834f35c9fb6c766585e13
  SHA512: 81f2f60043438b1f8450f14f5af2bc150c23dece10658bbbeacc8c39584bc6bc128383d408fa0fb6efe25f4dfda6606765253ca4f83d85374d91b0b60726ebe2
- File 2
  Filesize: 94KB
  MD5: c707081e382f3110d39cbc7137504062
  SHA1: 68f7670b2158d0b01b73a2c761fd35a21d14390c
  SHA256: 67f9698e3f152307c4b58e61f3cf6bbd4c082af0a297f00dad6423b8b0bbed19
  SHA512: 43570b85b4516218e57ebbef57c3fb181b764b66de74df0195441812b9d2771d67cc70c7207771d56c8d2123bf4e20017e4eb3edf674225a5f2db41d6b04f599