Analysis
- max time kernel: 118s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 01:39
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2318a29260a04a40f600f1bae1c751b8.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 2318a29260a04a40f600f1bae1c751b8.exe
  - Resource: win10v2004-20231222-en
General
- Target: 2318a29260a04a40f600f1bae1c751b8.exe
- Size: 82KB
- MD5: 2318a29260a04a40f600f1bae1c751b8
- SHA1: 9186a091f0068c8527d795fb8aa6482f18180d54
- SHA256: 0c35321e7d26eb96165fc336a172e4631bc7f44a59bf79d36486a0bee47726ec
- SHA512: 92e4031e9006e92652df829d7908b361b5e01a1fe75ce8ec52988c76fb239e663ade544ab530d97162bcfc254f97dc3d0256f7cd7de2d989bd8243712d03ffff
- SSDEEP: 1536:bcjs3ctD+RrMOzVOrsIPdfrzcfwCbXFYc4RcjwsH2dmMa9:psh+RBUoI5cHWfUwNY
Malware Config
Signatures
- Deletes itself (1 IoC)
  - pid 2808, process 2318a29260a04a40f600f1bae1c751b8.exe
- Executes dropped EXE (1 IoC)
  - pid 2808, process 2318a29260a04a40f600f1bae1c751b8.exe
- Loads dropped DLL (1 IoC)
  - pid 2780, process 2318a29260a04a40f600f1bae1c751b8.exe
- Suspicious behavior: RenamesItself (1 IoC)
  - pid 2780, process 2318a29260a04a40f600f1bae1c751b8.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  - pid 2780, process 2318a29260a04a40f600f1bae1c751b8.exe
  - pid 2808, process 2318a29260a04a40f600f1bae1c751b8.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  - description: PID 2780 wrote to memory of 2808; pid 2780; process 2318a29260a04a40f600f1bae1c751b8.exe; procid_target 29
  - description: PID 2780 wrote to memory of 2808; pid 2780; process 2318a29260a04a40f600f1bae1c751b8.exe; procid_target 29
  - description: PID 2780 wrote to memory of 2808; pid 2780; process 2318a29260a04a40f600f1bae1c751b8.exe; procid_target 29
  - description: PID 2780 wrote to memory of 2808; pid 2780; process 2318a29260a04a40f600f1bae1c751b8.exe; procid_target 29
Processes
- C:\Users\Admin\AppData\Local\Temp\2318a29260a04a40f600f1bae1c751b8.exe (depth 1)
  - Command line: "C:\Users\Admin\AppData\Local\Temp\2318a29260a04a40f600f1bae1c751b8.exe"
  - PID: 2780
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\2318a29260a04a40f600f1bae1c751b8.exe (depth 2, child of PID 2780)
    - Command line: C:\Users\Admin\AppData\Local\Temp\2318a29260a04a40f600f1bae1c751b8.exe
    - PID: 2808
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: a44dcd14e92a2b241207010aeb463690
- SHA1: a65d53e3c18f4dae8580685f50c4fddaf2af4b21
- SHA256: 4d78dd321e88071b950b442fa8fe9f3b38b42ce38b674caf9d6e858fe84ecd13
- SHA512: ccf99c7faa109f040655b9274fe9a5ad6ff82ceb38614b9859e9493f0376f2a1c4def38158a309c2046c5579af4606fbb3d64a9efe6e7d0b3bf1ed28942eb2b0