Analysis
-
max time kernel
121s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31/12/2023, 06:59
Static task
static1
Behavioral task
behavioral1
Sample
2c84b5460d6aa8f6aba79a1fe14549e8.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2c84b5460d6aa8f6aba79a1fe14549e8.exe
Resource
win10v2004-20231222-en
General
-
Target
2c84b5460d6aa8f6aba79a1fe14549e8.exe
-
Size
1.9MB
-
MD5
2c84b5460d6aa8f6aba79a1fe14549e8
-
SHA1
cec335d7208c3bc8d624470e9aa1112addf11249
-
SHA256
c483a986e9f80d3497ebf2770195ba8fe919d56605c33199e59b7e921637ce35
-
SHA512
d44affb804dac27489d2ceed8db88952ec446f79b8534cb397be34bbbaf4426bebdee9a1e60a989426bc65ab43133e390d686e776780ff6366a01bf7f4f473fe
-
SSDEEP
49152:Qoa1taC070dlHfkyB5dOO44RVkRwM58Mr:Qoa1taC0CfkO5dQykwfS
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 900 91E3.tmp -
Executes dropped EXE 1 IoCs
pid Process 900 91E3.tmp -
Loads dropped DLL 1 IoCs
pid Process 1712 2c84b5460d6aa8f6aba79a1fe14549e8.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1712 wrote to memory of 900 1712 2c84b5460d6aa8f6aba79a1fe14549e8.exe 28
PID 1712 wrote to memory of 900 1712 2c84b5460d6aa8f6aba79a1fe14549e8.exe 28
PID 1712 wrote to memory of 900 1712 2c84b5460d6aa8f6aba79a1fe14549e8.exe 28
PID 1712 wrote to memory of 900 1712 2c84b5460d6aa8f6aba79a1fe14549e8.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c84b5460d6aa8f6aba79a1fe14549e8.exe"C:\Users\Admin\AppData\Local\Temp\2c84b5460d6aa8f6aba79a1fe14549e8.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1712 -
C:\Users\Admin\AppData\Local\Temp\91E3.tmp"C:\Users\Admin\AppData\Local\Temp\91E3.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2c84b5460d6aa8f6aba79a1fe14549e8.exe 7F60D147D1AC500779468C51C43931CE36D75E319A10485D62ED7B187EAFDD4A3521A7231C554F7D6E973B8535B68BBAD3E777E988470219CC5FDBCD4A45BBD22⤵
- Deletes itself
- Executes dropped EXE
PID:900
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.9MB
MD5
1626a382f668d559e4f29696a558aef2
SHA1
9b0380f9886a36867c23f2dbb636cad1ff94e237
SHA256
e82493d6fab720fa5673ee8e1cc3429a479873b11b1b0fa899313ef8272dd0ea
SHA512
e74d2d49d8e023fc27c3d76f054f40e4f6f4a1dc25c1ff7983c2a60f38d0424663a2d60f8abfeac0cca0e1c69f44212c015e5bd99ff36174d6653a0ea38b07ab