Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 05:21
Behavioral task: behavioral1
- Sample: 29c9eba761e291009efe78b10040b36a.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 29c9eba761e291009efe78b10040b36a.exe
- Resource: win10v2004-20231215-en
General
- Target: 29c9eba761e291009efe78b10040b36a.exe
- Size: 1.3MB
- MD5: 29c9eba761e291009efe78b10040b36a
- SHA1: fabddddd700863cb2a7e84e3c7c98d1780fffdf5
- SHA256: ee56ab26a0c5b121ca4494e9ae6adef50560682ff47d2a8f4db5b1cc4e8edcb7
- SHA512: 91ebec49f625daf6692f514197c1004113590f1fd91754f03c708005d39e5523e79387844167e8ab4603deda7753691e1536f243e76acefe73a0f10fc6709527
- SSDEEP: 24576:VpWSVExuyNyhWM1YNMErlMbHVkXJRyUuHiaGFN3XA/kfKK0g/E4lqoU9/9Us:Vp1VExNybYNMmlOHVGkiaGFNHA/K/5MX
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1964, process 29c9eba761e291009efe78b10040b36a.exe
- Executes dropped EXE (1 IoC)
  pid 1964, process 29c9eba761e291009efe78b10040b36a.exe
- Loads dropped DLL (1 IoC)
  pid 2360, process 29c9eba761e291009efe78b10040b36a.exe
- yara_rule matches (upx)
  behavioral1/files/0x0009000000014120-13.dat: upx
  behavioral1/files/0x0009000000014120-10.dat: upx
  behavioral1/memory/2360-0-0x0000000000400000-0x00000000008E7000-memory.dmp: upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2360, process 29c9eba761e291009efe78b10040b36a.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2360, process 29c9eba761e291009efe78b10040b36a.exe
  pid 1964, process 29c9eba761e291009efe78b10040b36a.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2360 wrote to memory of 1964 | 2360 | 29c9eba761e291009efe78b10040b36a.exe | 16
  PID 2360 wrote to memory of 1964 | 2360 | 29c9eba761e291009efe78b10040b36a.exe | 16
  PID 2360 wrote to memory of 1964 | 2360 | 29c9eba761e291009efe78b10040b36a.exe | 16
  PID 2360 wrote to memory of 1964 | 2360 | 29c9eba761e291009efe78b10040b36a.exe | 16
Processes
- C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe"
  PID: 2360
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
    command line: C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
    PID: 1964
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 93KB
  MD5: 40b40a1434fd7fc022ba9bcf019d5f1a
  SHA1: 0ef956e89a1bab437bb8a77e772e128dca1c3803
  SHA256: 6e22657f9236c9edb5d408a7415eb75ee456de4adabe1e63be2b8c24327bf3f0
  SHA512: ae6a29a50263ffb998f4d69f9a6962ba9be16fa5e12c218dd94b12110072d654f8e7bf98a89d5edb73e8661ee8768d6c5628958e4eb617ade2b7ace0a57cc6cd
- Filesize: 348KB
  MD5: 586f007e4f6729bec5b69dfb70cceea2
  SHA1: 391093e59ff0f8222bece789cc968f463ad0635f
  SHA256: 6e16ba6a4941de95a2f82e0dc6ab92e9676b2d160f4d0304a3c3cd32853942ad
  SHA512: dd18b0d5dc0f061da1c1eb2c84124ae50eccd345a838860ceaa08cdb36f88eb01cd587f09f7f1d5d6a8d6a79a7eb7dec8ff5edb982471e85169b99ed737acc60