Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 13:20
Static task: static1
Behavioral task: behavioral1
  Sample: 37c1891788194b1afca0d984f0e5e797.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 37c1891788194b1afca0d984f0e5e797.exe
  Resource: win10v2004-20231215-en
General
Target: 37c1891788194b1afca0d984f0e5e797.exe
Size: 1.9MB
MD5: 37c1891788194b1afca0d984f0e5e797
SHA1: ea4b7ea444870d1f233b176c1374e9804cb41670
SHA256: 601783326ec20ba9f3e84ed17ad78d4cb886628a4a0c06f6551c6a5ca25a7f05
SHA512: 0187e62850c2c75095ce7e5ee4ddda0c174ef44538d85f5341686164ab37d283fb006a816411c79012a9dcb3ebe027d5be5b7b9016bd39bb724608c22040fd19
SSDEEP: 49152:9T14dfarkJE3zJZrsPC1rlvdcTZvsmYyMJ:9T1/k2wTh2J
Malware Config
Signatures

Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Opening this key is a common anti-analysis probe: if the key exists, the sample assumes it is not running on a real Windows host.
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Wine
  Process: 37c1891788194b1afca0d984f0e5e797.exe

Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid: 1288
  Process: 37c1891788194b1afca0d984f0e5e797.exe
  (the same row is reported three times)

Suspicious use of WriteProcessMemory (6 IoCs)
  description: PID 1288 wrote to memory of 1196
  pid: 1288
  Process: 37c1891788194b1afca0d984f0e5e797.exe
  procid_target: 12
  (the same row is reported six times)
All six writes go from the sample (PID 1288) into PID 1196, which the process list below identifies as C:\Windows\Explorer.EXE: a cross-process write from a freshly dropped executable into the Explorer shell, the usual footprint of code injection into a long-lived, trusted-looking host.
Processes
1. C:\Windows\Explorer.EXE (PID 1196)
   command line: C:\Windows\Explorer.EXE
   2. C:\Users\Admin\AppData\Local\Temp\37c1891788194b1afca0d984f0e5e797.exe (PID 1288, nested under PID 1196 in the tree)
      command line: "C:\Users\Admin\AppData\Local\Temp\37c1891788194b1afca0d984f0e5e797.exe"
      signatures: Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
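Reports like this one flatten every signature row onto a single line, so the writer/target relationship behind "Suspicious use of WriteProcessMemory" is easy to misread. The following is an added example, not part of the tria.ge report or its tooling: it parses the registry and WriteProcessMemory rows exactly as they appear above, resolves the target PID against the process list, and emits the two findings a responder cares about (an anti-analysis probe and a cross-process write into Explorer). The input strings are copied from this report; the two VM-tool registry keys beside Software\Wine, and all function and field names, are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed input: the signature rows copied from this report, in the
# flattened form tria.ge renders them (all rows run together on one line).
REGISTRY_IOCS = (
    r"Key opened \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000"
    r"\Software\Wine 37c1891788194b1afca0d984f0e5e797.exe"
)
WPM_IOCS = " ".join(
    ["PID 1288 wrote to memory of 1196 1288 37c1891788194b1afca0d984f0e5e797.exe 12"] * 6
)
# Process list from the report's "Processes" section: pid -> image path.
PROCESSES = {
    1196: r"C:\Windows\Explorer.EXE",
    1288: r"C:\Users\Admin\AppData\Local\Temp\37c1891788194b1afca0d984f0e5e797.exe",
}

# Registry paths that stock anti-analysis code probes. Software\Wine is the
# one hit in this report; the two VM-tool keys are an assumption about what
# else a responder would want flagged, not something this report shows.
SANDBOX_KEYS = {
    r"software\wine": "Wine compatibility layer",
    r"software\vmware, inc.\vmware tools": "VMware Tools",
    r"software\oracle\virtualbox guest additions": "VirtualBox Guest Additions",
}

# Row layouts as rendered: "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
# and "Key opened <key> <image>".
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
REG_ROW = re.compile(r"Key opened (\\REGISTRY\\\S+) (\S+)")


def parse_wpm(text):
    """Return one dict per WriteProcessMemory row: writer pid, target pid, image."""
    return [
        {"src": int(m.group(1)), "dst": int(m.group(2)), "image": m.group(4)}
        for m in WPM_ROW.finditer(text)
    ]


def parse_registry(text):
    """Return (key, image) pairs for each 'Key opened' row."""
    return [(m.group(1), m.group(2)) for m in REG_ROW.finditer(text)]


def sandbox_checks(reg_rows):
    """Flag registry opens whose path tail matches a known analysis-environment key."""
    findings = []
    for key, image in reg_rows:
        # Compare on the tail only, so the hive prefix and the per-user SID
        # (\REGISTRY\USER\S-1-5-21-...) do not matter.
        tail = key.lower()
        for probe, label in SANDBOX_KEYS.items():
            if tail.endswith(probe):
                findings.append({"image": image, "key": key, "indicator": label})
    return findings


def injection_findings(wpm_rows, processes):
    """Group cross-process writes by (writer, target) and resolve the target image."""
    counts = Counter((r["src"], r["dst"]) for r in wpm_rows if r["src"] != r["dst"])
    findings = []
    for (src, dst), n in counts.items():
        target = processes.get(dst, "<unknown>")
        findings.append({
            "src": src,
            "dst": dst,
            "writes": n,
            "target_image": target,
            # Explorer is a long-lived shell process that blends in: a classic
            # injection host, so writes into it get called out explicitly.
            "high_value_target": target.lower().endswith("explorer.exe"),
        })
    return findings


if __name__ == "__main__":
    for f in sandbox_checks(parse_registry(REGISTRY_IOCS)):
        print(f"anti-analysis: {f['image']} opened {f['key']} ({f['indicator']})")
    for f in injection_findings(parse_wpm(WPM_IOCS), PROCESSES):
        print(f"injection: pid {f['src']} wrote {f['writes']}x into pid {f['dst']} "
              f"({f['target_image']}, high-value={f['high_value_target']})")
```

Running it against this report yields one anti-analysis finding (the Wine key) and one injection finding: PID 1288 wrote six times into PID 1196, C:\Windows\Explorer.EXE. Writes from a process into itself are dropped on purpose, since self-writes through WriteProcessMemory are common in packers and would only add noise.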