Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01/01/2024, 11:47
Static task: static1
Behavioral task: behavioral1
- Sample: 3cc606fe81fc547459587cc217b3ea6c.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 3cc606fe81fc547459587cc217b3ea6c.exe
- Resource: win10v2004-20231222-en
General
- Target: 3cc606fe81fc547459587cc217b3ea6c.exe
- Size: 388KB
- MD5: 3cc606fe81fc547459587cc217b3ea6c
- SHA1: d631f8b6349bcd96ad179d5ef1eb106659623e5e
- SHA256: 2064f93a1a6177c68c6d2c50c8fdaf26d1b3b62650aca9bc20bad8121d55367f
- SHA512: 634868c0abb9ff1dcce2f8c96651da11fd29dfa4a8c170601e4ef048f55f9614d54ec979b18c535b9d3b51479fdc4a87c8b47a64d57d132fe6b942685b9c0104
- SSDEEP: 6144:KQ3/9nM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2wdQ3/nQd:X9nM3D0Fw/tN8dkmLtpHHHrh7kC1
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 3052, process Au_.exe
- Loads dropped DLL (3 IoCs)
  pid 2280, process 3cc606fe81fc547459587cc217b3ea6c.exe
  pid 3052, process Au_.exe
  pid 3052, process Au_.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- NSIS installer (2 IoCs)
  resource behavioral1/files/0x000d0000000122e8-2.dat, yara_rule nsis_installer_1
  resource behavioral1/files/0x000d0000000122e8-2.dat, yara_rule nsis_installer_2
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2280 wrote to memory of 3052; pid 2280; process 3cc606fe81fc547459587cc217b3ea6c.exe; procid_target 28 (recorded four times)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 3052, process Au_.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\3cc606fe81fc547459587cc217b3ea6c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3cc606fe81fc547459587cc217b3ea6c.exe"
   PID: 2280
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      PID: 3052
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads
- File 1 (10KB)
  MD5: 7fbda5b7be6256996d4e59e5f6949918
  SHA1: 2d36c0e0bfbe450675c6ed044e715abaa85a252a
  SHA256: 9bb31f7f02231e3166bf52385d804c06da9740e9c6f0bda807b01052ae9fdcd4
  SHA512: bc0d36aa6f50041bad05cf48d909ed5a387bff5b111f657591161a288c1be5c20b8c5d69e557b5ea395726d91601b9e6303da81555e053090cfcbf5d44be7f82
- File 2 (9KB)
  MD5: ef2ba370973a3f8aba1533cb3858921b
  SHA1: c2211408f29a46fc26198cddf411694c0e7e0eb8
  SHA256: ed575c8bddf21cc6d689646ecfdeafe356e0f9945a282eda79f3b636b77a4453
  SHA512: 07aac20904fb164ba91b7c619b674d5e0f4d1ec8ba03fbd7e123ef53ff4b134278e01964fb81dfcc2905b760c572a7e13c87114bdb279f1d26632ebe71c628ba
- File 3 (388KB, same hashes as the target sample)
  MD5: 3cc606fe81fc547459587cc217b3ea6c
  SHA1: d631f8b6349bcd96ad179d5ef1eb106659623e5e
  SHA256: 2064f93a1a6177c68c6d2c50c8fdaf26d1b3b62650aca9bc20bad8121d55367f
  SHA512: 634868c0abb9ff1dcce2f8c96651da11fd29dfa4a8c170601e4ef048f55f9614d54ec979b18c535b9d3b51479fdc4a87c8b47a64d57d132fe6b942685b9c0104