Analysis
max time kernel: 118s
max time network: 145s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 02:23
Behavioral task behavioral1
  Sample: 2462d70108ce8871f91162212aee7f57.exe
  Resource: win7-20231215-en
Behavioral task behavioral2
  Sample: 2462d70108ce8871f91162212aee7f57.exe
  Resource: win10v2004-20231215-en
General
Target: 2462d70108ce8871f91162212aee7f57.exe
Size: 2.9MB
MD5: 2462d70108ce8871f91162212aee7f57
SHA1: 7974c42b2084acbe7017a04b79c688f175b1b5e1
SHA256: 36f822ec79ef01d55fdfa1af3310ad568ca784023cbd1eba53ffeb815897f1a3
SHA512: d800df5b3024fefc73d6b250a0fb9c3f70a9d59e7a1da44787ac7da4b2baf3f36be6b12dcf1c939aee14438423f71978e3a4d6f1520534e509e50218d26f131e
SSDEEP: 49152:4ziVIAF0Bi5llgbwWDgPE8lSCx0+ZHpY9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:ihDawbwWD+1lTrYHau42c1joCjMPkNwv
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 2692  process 2462d70108ce8871f91162212aee7f57.exe
Executes dropped EXE (1 IoCs)
  pid 2692  process 2462d70108ce8871f91162212aee7f57.exe
Loads dropped DLL (1 IoCs)
  pid 2996  process 2462d70108ce8871f91162212aee7f57.exe
resource / yara_rule matches
  behavioral1/memory/2996-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000a000000012253-10.dat  upx
  behavioral1/files/0x000a000000012253-14.dat  upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid 2996  process 2462d70108ce8871f91162212aee7f57.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2996  process 2462d70108ce8871f91162212aee7f57.exe
  pid 2692  process 2462d70108ce8871f91162212aee7f57.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   process                               procid_target
  PID 2996 wrote to memory of 2692   2996  2462d70108ce8871f91162212aee7f57.exe  18
  PID 2996 wrote to memory of 2692   2996  2462d70108ce8871f91162212aee7f57.exe  18
  PID 2996 wrote to memory of 2692   2996  2462d70108ce8871f91162212aee7f57.exe  18
  PID 2996 wrote to memory of 2692   2996  2462d70108ce8871f91162212aee7f57.exe  18
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe"
  PID: 2996
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Level 2: C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe
    command line: C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe
    PID: 2692
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Download 1
  Filesize: 318KB
  MD5: d96e947e1829d25dfd966c944bb96211
  SHA1: e5b951cbe3b7fc449e84655439eb98369bac6d77
  SHA256: 72da26e91586f9348d76d9c6d69f6f0e4bc4755d4efab49b84292aceb45bd3f3
  SHA512: 3727873eacb719fe94b446aab52f874249a2dd6f0788cb78e49ae3b68d3a10f7abcc6a94ac1f2b3649848acdf551afeffe657fa1538d0804d8f7640e21ab2f0a
Download 2
  Filesize: 495KB
  MD5: 3fbf4e2b042875f7d97aa6de80bddb8d
  SHA1: 7c63118bcb7a8f97ee7350958def47de5f5f6929
  SHA256: d01ae3d2f3e7fc0b2c898eff8a8abb57d6b373741c28a1e553722079f8ce313c
  SHA512: 9a3f83054ee17adb3832671af3744f03a4c19201e95f498c32147e3aef3caad7ff59a9e23585f15be0fb7227d5ae84b15bce66ba2c6546662d0961545ae9dcd3