Analysis
max time kernel: 150s
max time network: 142s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 05:08
Behavioral task: behavioral1
Sample: 29645ef1959a0b8eb6dbfff30b5f9086.exe
Resource: win7-20231215-en
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: 29645ef1959a0b8eb6dbfff30b5f9086.exe
Resource: win10v2004-20231222-en
3 signatures
150 seconds
General
Target: 29645ef1959a0b8eb6dbfff30b5f9086.exe
Size: 72KB
MD5: 29645ef1959a0b8eb6dbfff30b5f9086
SHA1: 629c4f2595024e003e426eaf174fb02ea000d5a5
SHA256: dca608b8663c9f6f5c0bd1fd5190764749a5d0de820c4659d609082a7fce5ee8
SHA512: 773c2b9cb54e105d6db477fc987f625509ba2ffb649d3bdacf08d577e49fdd6ca0263ba94f86ea092d061bad13ba5e9d47b69b309dcd9ee5032618093ef2441f
SSDEEP: 1536:D4Jt1dRpzpJGNzpriPftxyY+IkOw8hvyTAnBnqvl2Cnw0:DSpzpJ8punbyYhBB15qdL
Score: 7/10
Malware Config
Signatures
resource: behavioral1/memory/3016-0-0x0000000000400000-0x000000000041B000-memory.dmp
yara_rule: upx
Suspicious use of UnmapMainImage (1 IoCs)
pid | Process
3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28
PID 3016 wrote to memory of 2892 | 3016 | 29645ef1959a0b8eb6dbfff30b5f9086.exe | 28