Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 12:50
Behavioral task
behavioral1
Sample
36bc96beb8c702c884bdbaff9d949240.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
36bc96beb8c702c884bdbaff9d949240.exe
Resource
win10v2004-20231222-en
General
Target: 36bc96beb8c702c884bdbaff9d949240.exe
Size: 5.8MB
MD5: 36bc96beb8c702c884bdbaff9d949240
SHA1: 0c2a52ded9931ae6f75213b29648cdc8c942c5f1
SHA256: 8b8fb2b97f394c1bd87409ea482a61f668d9c2e92b6c30ffd92bbb66fcd00a0a
SHA512: 29e4da0cc74f3241b7b5fda5f2a3d9917b036aa71a2f06094cee830d9817fc8f0c861cdce69aae0ce004c0e8eda7ac6c2fd4ba80a0da635e07793115785b5a9e
SSDEEP: 98304:ECJ2lMjqf6eZGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:ECUlMp8GhRaaCkN9qHGhRa
Malware Config
Signatures
Deletes itself (1 IoC)
pid 2172  Process 36bc96beb8c702c884bdbaff9d949240.exe
Executes dropped EXE (1 IoC)
pid 2172  Process 36bc96beb8c702c884bdbaff9d949240.exe
Loads dropped DLL (1 IoC)
pid 948  Process 36bc96beb8c702c884bdbaff9d949240.exe
yara_rule upx (3 resources)
resource behavioral1/memory/948-0-0x0000000000400000-0x00000000008EF000-memory.dmp
resource behavioral1/files/0x000c0000000122f0-14.dat
resource behavioral1/files/0x000c0000000122f0-10.dat
Suspicious behavior: RenamesItself (1 IoC)
pid 948  Process 36bc96beb8c702c884bdbaff9d949240.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid 948  Process 36bc96beb8c702c884bdbaff9d949240.exe
pid 2172  Process 36bc96beb8c702c884bdbaff9d949240.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 948 wrote to memory of 2172 | pid: 948 | Process: 36bc96beb8c702c884bdbaff9d949240.exe | procid_target: 17
(the same row is recorded four times, once per IoC)
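The upx yara rule fires on the in-memory image of PID 948 and on both dropped files, so the MD5/SHA1/SHA256 listed under General identify the packed container rather than the code that actually runs; a blocklist built from those hashes misses the same payload repacked. As an added example that is not part of the Triage report, the Python below walks a PE's section table and reports the usual UPX heuristics (UPX0/UPX1 section names and the "UPX!" marker). `build_min_pe` constructs a header-only test input, and `UPX_SECTION_NAMES`, `pe_section_names` and `upx_indicators` are names chosen for this example.

```python
import struct

# Section names UPX leaves in the PE section table and the marker it writes
# into the packed image. Both are heuristics: a repacker or a modified UPX
# build can rename sections or strip the marker, so treat a miss as "unknown".
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data):
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table.
    Returns the 8-byte section names as strings."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)    # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                # section table follows the optional header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]          # IMAGE_SECTION_HEADER is 40 bytes, name first
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Report which UPX heuristics fire on a PE image."""
    names = pe_section_names(data)
    hits = [n for n in names if n in UPX_SECTION_NAMES]
    magic = UPX_MAGIC in data
    return {"sections": names, "upx_sections": hits,
            "upx_magic": magic, "likely_upx": bool(hits) or magic}


def build_min_pe(section_names, tail=b""):
    """Constructed test input, not a real executable: a PE32+ header skeleton
    carrying the requested section names, just enough for pe_section_names()."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)   # 64-byte DOS header, e_lfanew at 0x3C
    opt_size = 0xF0                                             # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x22)
    sections = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + b"\x00" * opt_size + sections + tail


if __name__ == "__main__":
    packed = build_min_pe(["UPX0", "UPX1", ".rsrc"], tail=b"\x00" + UPX_MAGIC)
    plain = build_min_pe([".text", ".rdata", ".data"])
    print(upx_indicators(packed))
    print(upx_indicators(plain))
```

Run it against the dropped `.dat` files and the `memory.dmp` from the report to confirm the yara hit independently; once unpacked (for example with `upx -d`), hash the result and pivot on that, since the packed-file hashes above change with every repack.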
Processes
1. C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe"
   PID: 948
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe (child of PID 948)
      Command line: C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
      PID: 2172
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
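The tree shows the sample launching a second copy of itself (PID 2172 nested under PID 948) and the parent writing into that child's memory four times, while the child unmaps its main image and deletes itself. As an added example that is not part of the Triage report, the Python below parses the report's own WriteProcessMemory rows and joins them against the process tree to label each cross-process write; the parent link for 2172 is read from the tree nesting, and `PROCESSES`, `classify_write` and the label strings are this example's own.

```python
import re

# Rows copied from the "Suspicious use of WriteProcessMemory" signature above
# (the report lists the same row four times, one per IoC).
WRITE_ROWS = """
PID 948 wrote to memory of 2172 948 36bc96beb8c702c884bdbaff9d949240.exe 17
PID 948 wrote to memory of 2172 948 36bc96beb8c702c884bdbaff9d949240.exe 17
PID 948 wrote to memory of 2172 948 36bc96beb8c702c884bdbaff9d949240.exe 17
PID 948 wrote to memory of 2172 948 36bc96beb8c702c884bdbaff9d949240.exe 17
"""

# Process tree from the report. Parent links follow the tree nesting (2172 is
# listed under 948); "sigs" are the per-process tags shown in the tree.
IMAGE = r"C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe"
PROCESSES = {
    948:  {"image": IMAGE, "parent": None,
           "sigs": {"Loads dropped DLL", "RenamesItself", "UnmapMainImage", "WriteProcessMemory"}},
    2172: {"image": IMAGE, "parent": 948,
           "sigs": {"Deletes itself", "Executes dropped EXE", "UnmapMainImage"}},
}

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_write_events(rows):
    """Map (writer_pid, target_pid) -> number of times the row appears."""
    counts = {}
    for m in WRITE_RE.finditer(rows):
        key = (int(m.group(1)), int(m.group(2)))
        counts[key] = counts.get(key, 0) + 1
    return counts


def classify_write(processes, writer, target):
    """Label one cross-process write using the tree and the per-process tags."""
    w, t = processes.get(writer), processes.get(target)
    if w is None or t is None:
        return "write into a process missing from the tree"
    same_image = w["image"].lower() == t["image"].lower()
    is_child = t["parent"] == writer
    if is_child and same_image and "UnmapMainImage" in t["sigs"]:
        # Parent writes into a freshly spawned copy of itself that then drops
        # its own main image: the combination a hollowing/self-injection
        # review should start from. The tags alone do not prove it.
        return ("parent wrote into a same-image child that unmapped its main image: "
                "review for self-injection/hollowing")
    if is_child:
        return "parent wrote into child"
    return "write into unrelated process"


def correlate(processes, rows):
    """(writer, target, count, label) for every distinct write pair in the rows."""
    return [(w, t, n, classify_write(processes, w, t))
            for (w, t), n in parse_write_events(rows).items()]


if __name__ == "__main__":
    for writer, target, n, label in correlate(PROCESSES, WRITE_ROWS):
        print(f"{writer} -> {target} x{n}: {label}")
```

The same join works on Sysmon event 8/10 or EDR telemetry once the rows are mapped to (writer, target) pairs and the process tree to the same dict shape; the point is to read the memory write together with who spawned whom and what the target did afterwards, not in isolation.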
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 100KB
MD5: 299c380818128aa3e5a7f867ed8853c0
SHA1: 61ab4afc68d088f6fa4a16fcaf51727602dcfe6e
SHA256: f526dfe00cbe6107f1f2760a2f0da3e637e1fadf7b03bb7861a0028645e744a3
SHA512: 1d74856b55878423651645577ef64e29b42e65d18491567f84e5b9eef7a20f3b7c6277bbbd9f9b6806c54bdd0e4c52d47d0e01abc80b4d91da68943267b8b8e7
Filesize: 77KB
MD5: 3d510764599f557d27a19bbe3eb55a15
SHA1: ef4fc339aa50adf414c977400ca1fe99d474fa80
SHA256: fb0702e56e4959059ebb8e9f9a69e4c3746b65da50fc92a4150e0247fdf15231
SHA512: 6ede0e48ce4a0b5056decbbf89b7f0f90a769bf3024e644d9d8d7707e17cc1e7cbc3d078a108d062272881c9c7c460a5f39b8191dccf0830f903fb128c3356cb