Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 04:46
Behavioral task
behavioral1
Sample
28bde079fb4a3cabf6e6e08b52219368.exe
Resource
win7-20231215-en
General
- Target: 28bde079fb4a3cabf6e6e08b52219368.exe
- Size: 784KB
- MD5: 28bde079fb4a3cabf6e6e08b52219368
- SHA1: 54003507048364f97b32a5189fb5e690a70c407b
- SHA256: 72409b0ab912becf69ce938620aef301f6339002043c38a0adef7d05345ba551
- SHA512: ee9a9a3c330fc2e757e6054e470282b777aeeee7c9608a781b61db45032de05fd362bd78f000d7f66b1380050ea7bc7f38ff0f82cc214bd16022e95c7a05688c
- SSDEEP: 24576:dygF637fyeqGUxN+05w5MMFPX1QtGC+rPlkskeE3ypYo:a7qUUtOq9yWo
Malware Config
Signatures
- XMRig Miner payload 7 IoCs
  resource | yara_rule
  behavioral1/memory/2236-1-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
  behavioral1/memory/2156-26-0x0000000003030000-0x00000000031C3000-memory.dmp | xmrig
  behavioral1/memory/2156-24-0x0000000000400000-0x0000000000587000-memory.dmp | xmrig
  behavioral1/memory/2156-18-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
  behavioral1/memory/2236-14-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
  behavioral1/memory/2156-35-0x0000000000400000-0x0000000000587000-memory.dmp | xmrig
  behavioral1/memory/2156-34-0x00000000005A0000-0x000000000071F000-memory.dmp | xmrig
- Deletes itself 1 IoCs
  pid | Process
  2156 | 28bde079fb4a3cabf6e6e08b52219368.exe
- Executes dropped EXE 1 IoCs
  pid | Process
  2156 | 28bde079fb4a3cabf6e6e08b52219368.exe
- Loads dropped DLL 1 IoCs
  pid | Process
  2236 | 28bde079fb4a3cabf6e6e08b52219368.exe
- UPX packed file 5 IoCs
  resource | yara_rule
  behavioral1/memory/2236-0-0x0000000000400000-0x0000000000712000-memory.dmp | upx
  behavioral1/files/0x0009000000012262-10.dat | upx
  behavioral1/files/0x0009000000012262-16.dat | upx
  behavioral1/memory/2156-17-0x0000000000400000-0x0000000000712000-memory.dmp | upx
  behavioral1/memory/2236-15-0x00000000030E0000-0x00000000033F2000-memory.dmp | upx
- Suspicious behavior: RenamesItself 1 IoCs
  pid | Process
  2236 | 28bde079fb4a3cabf6e6e08b52219368.exe
- Suspicious use of UnmapMainImage 2 IoCs
  pid | Process
  2236 | 28bde079fb4a3cabf6e6e08b52219368.exe
  2156 | 28bde079fb4a3cabf6e6e08b52219368.exe
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 2236 wrote to memory of 2156 | 2236 | 28bde079fb4a3cabf6e6e08b52219368.exe | 29
  PID 2236 wrote to memory of 2156 | 2236 | 28bde079fb4a3cabf6e6e08b52219368.exe | 29
  PID 2236 wrote to memory of 2156 | 2236 | 28bde079fb4a3cabf6e6e08b52219368.exe | 29
  PID 2236 wrote to memory of 2156 | 2236 | 28bde079fb4a3cabf6e6e08b52219368.exe | 29
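The memory-dump names in the signature rows carry more than a yara hit: each one encodes the PID, the capture sequence number and the dumped address range, so the rows can be read as a timeline of what sat at each process's image base. Read that way, PID 2236 goes from a UPX-matching 0x312000-byte image at 0x400000 (seq 0) to a 0x193000-byte xmrig image at the same base (seq 1), which is what an in-place unpack looks like; PID 2156 starts the same way (seq 17, 18) but then shows a 0x187000-byte xmrig image at the same base (seq 24, 35) after 2236 wrote into it. A different size at the same base, together with "Suspicious use of UnmapMainImage" on both PIDs and WriteProcessMemory from parent to child, is the shape of process hollowing; that reading is an interpretation of the rows, not something the report itself states. The script below is an added example (not Triage's code and not from the report); it parses the dump names and WriteProcessMemory rows copied from this page, rebuilds the per-PID timeline at the image base, and pairs each writer/target with the payload rules that matched in the target. The dump-name pattern is assumed from the strings above, and the function and variable names are mine.

```python
"""Reconstruct image-base history and injection pairs from Triage IoC rows.

Added example. The IoC strings below are copied from the report on this page;
nothing is fetched and no Triage API is used.
"""
import re
from dataclasses import dataclass

# Yara-rule memory hits copied from the Signatures section: (rule, dump name).
MEMORY_HITS = [
    ("xmrig", "behavioral1/memory/2236-1-0x0000000000400000-0x0000000000593000-memory.dmp"),
    ("xmrig", "behavioral1/memory/2156-26-0x0000000003030000-0x00000000031C3000-memory.dmp"),
    ("xmrig", "behavioral1/memory/2156-24-0x0000000000400000-0x0000000000587000-memory.dmp"),
    ("xmrig", "behavioral1/memory/2156-18-0x0000000000400000-0x0000000000593000-memory.dmp"),
    ("xmrig", "behavioral1/memory/2236-14-0x0000000000400000-0x0000000000593000-memory.dmp"),
    ("xmrig", "behavioral1/memory/2156-35-0x0000000000400000-0x0000000000587000-memory.dmp"),
    ("xmrig", "behavioral1/memory/2156-34-0x00000000005A0000-0x000000000071F000-memory.dmp"),
    ("upx", "behavioral1/memory/2236-0-0x0000000000400000-0x0000000000712000-memory.dmp"),
    ("upx", "behavioral1/memory/2156-17-0x0000000000400000-0x0000000000712000-memory.dmp"),
    ("upx", "behavioral1/memory/2236-15-0x00000000030E0000-0x00000000033F2000-memory.dmp"),
]

# WriteProcessMemory rows as (writer pid, target pid); the report lists four identical rows.
WPM_EVENTS = [(2236, 2156)] * 4

# Assumed shape of a Triage dump name: <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^behavioral\d+/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemHit:
    rule: str
    pid: int
    seq: int    # capture order within the run
    start: int
    end: int

    @property
    def size(self):
        return self.end - self.start


def parse_hit(rule, dump_name):
    """Turn one 'resource | yara_rule' row into a MemHit; reject unknown shapes."""
    m = DUMP_RE.match(dump_name)
    if m is None:
        raise ValueError("not a Triage memory dump name: %r" % dump_name)
    return MemHit(rule, int(m["pid"]), int(m["seq"]),
                  int(m["start"], 16), int(m["end"], 16))


def parse_all(rows=MEMORY_HITS):
    return [parse_hit(rule, name) for rule, name in rows]


def image_base_timeline(hits, pid, base=0x400000):
    """(seq, size, rule) for every dump of `pid` starting at the image base, in
    capture order. Same base, different size means the mapped image changed."""
    return [(h.seq, h.size, h.rule)
            for h in sorted(hits, key=lambda h: h.seq)
            if h.pid == pid and h.start == base]


def image_replaced(hits, pid, base=0x400000, packer_rules=("upx",)):
    """True if, ignoring the packer-stage dump, the image base of `pid` was
    captured at more than one size: the unpacked image itself was swapped out."""
    sizes = {size for _, size, rule in image_base_timeline(hits, pid, base)
             if rule not in packer_rules}
    return len(sizes) > 1


def infer_injection(hits, wpm_events, packer_rules=("upx",)):
    """Pair each WriteProcessMemory writer->target with the payload rules that
    matched in the target. Packer rules are dropped: a UPX hit alone says
    nothing about what was written into the target."""
    rules_by_pid = {}
    for h in hits:
        rules_by_pid.setdefault(h.pid, set()).add(h.rule)
    findings = []
    for writer, target in sorted(set(wpm_events)):
        payload = sorted(rules_by_pid.get(target, set()) - set(packer_rules))
        if payload:
            findings.append((writer, target, payload))
    return findings


if __name__ == "__main__":
    hits = parse_all()
    for pid in sorted({h.pid for h in hits}):
        timeline = [(s, hex(sz), r) for s, sz, r in image_base_timeline(hits, pid)]
        verdict = "image replaced" if image_replaced(hits, pid) else "unpacked in place"
        print(pid, timeline, verdict)
    print(infer_injection(hits, WPM_EVENTS))
```

Run as a script it prints both timelines and the single writer/target pair; the same functions can be fed any other report's rows, and `parse_hit` refuses a name that does not fit the dump pattern rather than silently misreading it.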
Processes
- C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe"
  PID: 2236
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe (child of PID 2236)
    command line: C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
    PID: 2156
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 521KB
  MD5: d125ae7ff256cd415b6d4c63505a8a82
  SHA1: d9a21de5c276c643e7bfbbcf9fc79b2ed76b6ff0
  SHA256: 2d10860ab67af4fc5684fb7da7842bb2db30dde1e295b9100c2428c43d67bd69
  SHA512: 00a751209c657c676886443e1c72b11ac8be319ec20da9f6600e008815d2d8f67935c060cff45033e0b4331d0789143bb0afd7bfa5e9a770570c925550d2ed3d