Analysis
- max time kernel: 140s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 03:28
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample 2665be2a0c1b649921dff2e915388457.exe, resource win7-20231129-en)
- Behavioral task: behavioral2 (sample 2665be2a0c1b649921dff2e915388457.exe, resource win10v2004-20231215-en)
General
- Target: 2665be2a0c1b649921dff2e915388457.exe
- Size: 3.4MB
- MD5: 2665be2a0c1b649921dff2e915388457
- SHA1: 2bb5905d8fa754b834214cdb85a58db098721897
- SHA256: 1245b2a19816985f5667ef344b760c1a2eb71683f457a58180cfc6ea2d42b416
- SHA512: fc45c6fc2e9e6f4166ace9aaa5359638e428862e23221a56aff7fbbddf0d10beb09757c062d251c7f935ae691a49f559d89cd8cb7763213c2c1c86b731496833
- SSDEEP: 98304:aJDC5ue1FbbzvD0ECIJ457WIPXpiqGxGVNebSivZnH:aJ+5ue1FbvvwECIa5dP5Uwe2UZ
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 2316  2665be2a0c1b649921dff2e915388457.tmp
- Loads dropped DLL (4 IoCs)
  PID 2732  2665be2a0c1b649921dff2e915388457.exe
  PID 2316  2665be2a0c1b649921dff2e915388457.tmp (3 hits)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 2316  2665be2a0c1b649921dff2e915388457.tmp (2 hits)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2316  2665be2a0c1b649921dff2e915388457.tmp
- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2732 (2665be2a0c1b649921dff2e915388457.exe) wrote to memory of PID 2316 (procid_target 16); the same event is listed 7 times
Processes
- PID 2732  C:\Users\Admin\AppData\Local\Temp\2665be2a0c1b649921dff2e915388457.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2665be2a0c1b649921dff2e915388457.exe"
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  - PID 2316  C:\Users\Admin\AppData\Local\Temp\is-J8HSE.tmp\2665be2a0c1b649921dff2e915388457.tmp (child of 2732, per the WriteProcessMemory IoCs above)
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-J8HSE.tmp\2665be2a0c1b649921dff2e915388457.tmp" /SL5="$400F8,2842439,70144,C:\Users\Admin\AppData\Local\Temp\2665be2a0c1b649921dff2e915388457.exe"
    Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam

Note on the chain: an executable that extracts a copy of itself to %TEMP%\is-XXXXX.tmp\<name>.tmp and runs it with /SL5="$<hwnd>,<n>,<n>,<original exe>" is the standard behaviour of an Inno Setup installer's loader (SetupLdr), and the parent writing into the freshly created child's memory is part of that launch. The dropped-EXE, dropped-DLL and WriteProcessMemory signatures therefore describe installer mechanics and are not on their own evidence of malice; this report extracts no malware config and shows no network activity, so the verdict rests on what the installer drops, not on these signatures.
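As an added worked example (not tria.ge's code and not part of the original report), the following Python turns the flattened rows above into structured IoCs: it de-duplicates the seven identical WriteProcessMemory rows into a single parent-to-child edge, splits each process row into image path and command line, and parses the Inno Setup-style /SL5 argument of PID 2316. The input strings are copied from this report; the regexes, the `inno_loader` flag and the names given to the /SL5 fields (hwnd, off0, off1, orig) are the example's own assumptions.

```python
"""Added example (not tria.ge code): parse the flattened report rows into IoCs.
Input strings are copied from the report above; parsing and tree logic are the example's own."""
import re
from collections import defaultdict

# "Suspicious use of WriteProcessMemory" row as printed: one event repeated 7 times.
WPM_ROW = ("description pid Process procid_target "
           + "PID 2732 wrote to memory of 2316 2732 2665be2a0c1b649921dff2e915388457.exe 16 " * 7).strip()

# "Processes" rows as printed: image path fused with the quoted command line (constructed from the report).
PROCESS_ROWS = [
    (2732, r'C:\Users\Admin\AppData\Local\Temp\2665be2a0c1b649921dff2e915388457.exe'
           r'"C:\Users\Admin\AppData\Local\Temp\2665be2a0c1b649921dff2e915388457.exe"'),
    (2316, r'C:\Users\Admin\AppData\Local\Temp\is-J8HSE.tmp\2665be2a0c1b649921dff2e915388457.tmp'
           r'"C:\Users\Admin\AppData\Local\Temp\is-J8HSE.tmp\2665be2a0c1b649921dff2e915388457.tmp"'
           r' /SL5="$400F8,2842439,70144,C:\Users\Admin\AppData\Local\Temp\2665be2a0c1b649921dff2e915388457.exe"'),
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
PROC_RE = re.compile(r'^(?P<image>[^"]+)(?P<cmd>".*)$')
# Inno Setup's loader runs its extracted copy as <name>.tmp /SL5="$<hwnd>,<n>,<n>,<original exe>".
# The field names below are an assumption for readability; the report only shows the raw string.
SL5_RE = re.compile(r'/SL5="\$(?P<hwnd>[0-9A-Fa-f]+),(?P<off0>\d+),(?P<off1>\d+),(?P<orig>[^"]+)"')
INNO_TMP_RE = re.compile(r"\\AppData\\Local\\Temp\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.I)


def parse_wpm(row):
    """Return de-duplicated (source_pid, target_pid, source_image) tuples from the WPM row."""
    seen = []
    for src, tgt, _src_again, image, _procid_target in WPM_RE.findall(row):
        edge = (int(src), int(tgt), image)
        if edge not in seen:
            seen.append(edge)
    return seen


def parse_process(pid, row):
    """Split a fused process row into image, command line and (if present) the /SL5 fields."""
    m = PROC_RE.match(row)
    image, cmd = m.group("image"), m.group("cmd")
    sl5 = SL5_RE.search(cmd)
    fields = None
    if sl5:
        fields = {k: (int(v, 16) if k == "hwnd" else int(v) if k.startswith("off") else v)
                  for k, v in sl5.groupdict().items()}
    return {
        "pid": pid,
        "image": image,
        "cmdline": cmd,
        # Image under %TEMP%\is-XXXXX.tmp plus an /SL5 argument is the Inno Setup loader shape.
        "inno_loader": bool(INNO_TMP_RE.search(image) and sl5),
        "sl5": fields,
    }


def build_tree(wpm_events, processes):
    """Parent->children map from the WriteProcessMemory edges; roots are pids nobody wrote into."""
    children = defaultdict(list)
    for src, tgt, _ in wpm_events:
        if tgt not in children[src]:
            children[src].append(tgt)
    parents = {c: p for p, cs in children.items() for c in cs}
    roots = [p["pid"] for p in processes if p["pid"] not in parents]
    return roots, dict(children), parents


def render_tree(roots, children, procs):
    """Indented text tree, returned as lines so callers can inspect it."""
    by_pid = {p["pid"]: p for p in procs}
    lines = []

    def walk(pid, depth):
        p = by_pid[pid]
        tag = " [inno-setup loader]" if p["inno_loader"] else ""
        lines.append(f"{'  ' * depth}{pid} {p['image']}{tag}")
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    procs = [parse_process(pid, row) for pid, row in PROCESS_ROWS]
    roots, children, _ = build_tree(parse_wpm(WPM_ROW), procs)
    print("\n".join(render_tree(roots, children, procs)))
    print(procs[1]["sl5"])
```

The `inno_loader` check is the piece worth keeping: a process whose image sits under %TEMP%\is-XXXXX.tmp and carries /SL5 is an Inno Setup setup program, so it matches every legitimate Inno installer as well as this sample; use it to explain the dropped-EXE and WriteProcessMemory hits, not as a verdict.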
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 92KB
  MD5: 9fdeefe923d7ac3d9f222159cc22f5e1
  SHA1: a3af0d9c8f3e29e0ec2a1acc7f4ffc643dbddb1b
  SHA256: 3fd90d3e0fd6ff1e8c59596d7cae5001e16cd4ba2c39049756fea448b3da6368
  SHA512: d9beeb18014382319d53567f028064915ae18fe6a8b2e3fe2db3b22886ec8a795ca0d6c9c1604195387fb83df5d7e9f235f04dc99ca01742c96a18485f150e66