Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 142s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 03:35
Static task: static1
Behavioral task: behavioral1
  Sample: 269028e17856714520aebd0afdd89c6e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 269028e17856714520aebd0afdd89c6e.exe
  Resource: win10v2004-20231222-en
General
Target: 269028e17856714520aebd0afdd89c6e.exe
Size: 2KB
MD5: 269028e17856714520aebd0afdd89c6e
SHA1: 74ba15bbd6f669c36092e6175ac8d22dd7580d59
SHA256: 473a86fbad7b291709a52cb5d8fc1dbeb8436075762f03d204d008954e0961fc
SHA512: 23169de5362c37145588a15f7dfec547f68687e710f6f0041c143b17975a3b72a2db53726b41593d179e3f429a2e908df92a7faea95e01bf0673a0803cdf3ff9
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2060  process aIg.exe
Loads dropped DLL (2 IoCs)
  pid 1948  process 269028e17856714520aebd0afdd89c6e.exe
  pid 1948  process 269028e17856714520aebd0afdd89c6e.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aIg = "\"C:\\Windows\\SysWOW64\\aIg.exe\" /a"
  process: aIg.exe
Drops file in System32 directory (2 IoCs)
  File created: C:\Windows\SysWOW64\aIg.exe  process 269028e17856714520aebd0afdd89c6e.exe
  File opened for modification: C:\Windows\SysWOW64\aIg.exe  process 269028e17856714520aebd0afdd89c6e.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1948 wrote to memory of 2060  process 269028e17856714520aebd0afdd89c6e.exe  procid_target 28
  PID 1948 wrote to memory of 2060  process 269028e17856714520aebd0afdd89c6e.exe  procid_target 28
  PID 1948 wrote to memory of 2060  process 269028e17856714520aebd0afdd89c6e.exe  procid_target 28
  PID 1948 wrote to memory of 2060  process 269028e17856714520aebd0afdd89c6e.exe  procid_target 28
Processes
C:\Users\Admin\AppData\Local\Temp\269028e17856714520aebd0afdd89c6e.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\269028e17856714520aebd0afdd89c6e.exe"
  PID: 1948
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\aIg.exe (child of PID 1948)
    command line: C:\Windows\system32\aIg.exe /a
    PID: 2060
    - Executes dropped EXE
    - Adds Run key to start application
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2KB
MD5: 269028e17856714520aebd0afdd89c6e
SHA1: 74ba15bbd6f669c36092e6175ac8d22dd7580d59
SHA256: 473a86fbad7b291709a52cb5d8fc1dbeb8436075762f03d204d008954e0961fc
SHA512: 23169de5362c37145588a15f7dfec547f68687e710f6f0041c143b17975a3b72a2db53726b41593d179e3f429a2e908df92a7faea95e01bf0673a0803cdf3ff9