Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 13:25
Static task: static1
Behavioral task: behavioral1
- Sample: 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Resource: win10v2004-20231215-en
General
- Target: 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Size: 165KB
- MD5: 37ef8fc09ef0d6a5c350f53fae97b267
- SHA1: 4203da41527e9b1a673958763b1227928e494b4d
- SHA256: 7fd0d79657291d38f1b5a311245fb065052c75011ec389e29f8a3480466f8c3e
- SHA512: d68c7278a31dd76bc47124faae815beda2ab51cf41936e44b30a5fb91ee06f85c7679edbcc8b53a785a8c6b5b8cbedf0aaf13dd6ad72ef4c9596cbdeef5d12e8
- SSDEEP: 3072:ZNCMFjPcfqsBv6fXXv2zP6kkt4UjwIirqyYaT5hT:ZNCM6yGyHuD6kkqsiLr
Malware Config
Signatures
- Deletes itself (1 IoC): PID 2620, 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Executes dropped EXE (1 IoC): PID 2620, 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Loads dropped DLL (1 IoC): PID 1032, 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Suspicious behavior: RenamesItself (1 IoC): PID 1032, 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Suspicious use of UnmapMainImage (2 IoCs): PID 1032, 37ef8fc09ef0d6a5c350f53fae97b267.exe; PID 2620, 37ef8fc09ef0d6a5c350f53fae97b267.exe
- Suspicious use of WriteProcessMemory (4 IoCs), columns: description, pid, process, procid_target
  - PID 1032 wrote to memory of 2620; 1032; 37ef8fc09ef0d6a5c350f53fae97b267.exe; 29
  - PID 1032 wrote to memory of 2620; 1032; 37ef8fc09ef0d6a5c350f53fae97b267.exe; 29
  - PID 1032 wrote to memory of 2620; 1032; 37ef8fc09ef0d6a5c350f53fae97b267.exe; 29
  - PID 1032 wrote to memory of 2620; 1032; 37ef8fc09ef0d6a5c350f53fae97b267.exe; 29
Processes
- C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe (level 1, PID 1032)
  Command line: "C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe (level 2, PID 2620)
    Command line: C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 165KB
  MD5: 6ce29f4715888ee0a69b4df9aaafcf46
  SHA1: 270d9fdce94d96fc795be465fc1c68fcb77b36d4
  SHA256: ac7a1a36ab2fd3089d2d406568578a82651c0c1c1bddd83d1d9f06874f0798c0
  SHA512: d2a541e4ffc32b5b02d2e64dac93cfc5e72b27cadbb656b0df34abf0869f578a5b3ecc1b4b166613355bc51481635d3a6073f2a00f5a4f0ca5a01b2fe73a77e0