Analysis
- max time kernel: 3s
- max time network: 140s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 03/01/2024, 19:26
Behavioral task: behavioral1
- Sample: 3ee0ff7c3220865dc0bf21411a985811.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 3ee0ff7c3220865dc0bf21411a985811.exe
- Resource: win10v2004-20231215-en
General
- Target: 3ee0ff7c3220865dc0bf21411a985811.exe
- Size: 2.6MB
- MD5: 3ee0ff7c3220865dc0bf21411a985811
- SHA1: 8c6e329552670729019c8716eabc4db3dbb62fca
- SHA256: 8798bf7387eb73e12213c8139cb9dba3707df2725367f9a2d64637002a5c0a77
- SHA512: 6ba6d1f012ef2c5fa23e7d436a5ba368453c1c4b73c421427ecd2e25b1906dd79b7125963b9f4ccbd9b5c1338d7d194b70a259fd1d48fbb18020dc7ad3f43279
- SSDEEP: 49152:o1AE/sqRGawVJZL9LLc+6swMJndOyf+GG20/C2hCOqwOAay3:IRGaaRfLz9vuaE3
Malware Config
Signatures
- Deletes itself (1 IoC)
    pid   Process
    320   3ee0ff7c3220865dc0bf21411a985811.exe
- Executes dropped EXE (1 IoC)
    pid   Process
    320   3ee0ff7c3220865dc0bf21411a985811.exe
- Loads dropped DLL (1 IoC)
    pid   Process
    1680  3ee0ff7c3220865dc0bf21411a985811.exe
- YARA rule match: upx (3 IoCs)
    resource                                                                      yara_rule
    behavioral1/memory/1680-1-0x0000000000400000-0x0000000000D9E000-memory.dmp    upx
    behavioral1/files/0x0009000000015c46-15.dat                                   upx
    behavioral1/files/0x0009000000015c46-11.dat                                   upx
- Suspicious behavior: RenamesItself (1 IoC)
    pid   Process
    1680  3ee0ff7c3220865dc0bf21411a985811.exe
- Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    1680  3ee0ff7c3220865dc0bf21411a985811.exe
    320   3ee0ff7c3220865dc0bf21411a985811.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
    description                      pid   Process                               procid_target
    PID 1680 wrote to memory of 320  1680  3ee0ff7c3220865dc0bf21411a985811.exe  17
    PID 1680 wrote to memory of 320  1680  3ee0ff7c3220865dc0bf21411a985811.exe  17
    PID 1680 wrote to memory of 320  1680  3ee0ff7c3220865dc0bf21411a985811.exe  17
    PID 1680 wrote to memory of 320  1680  3ee0ff7c3220865dc0bf21411a985811.exe  17
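The signature rows above only become useful once they are correlated: the same image runs twice, the parent (PID 1680) writes into the child (PID 320) four times, both processes record UnmapMainImage, and the child then deletes itself. The following script is an added example, not tria.ge's own code or export format; it rebuilds those IoC rows as constructed log lines and runs a simple parent/child correlation over them. The meaning assumed for each signature name (in particular that UnmapMainImage on the child plus parent writes is the hollowing-style pattern worth flagging) is an assumption made here, and the `|`-separated line format and the `find_self_replacement` helper are hypothetical.

```python
import re
from collections import defaultdict

# Constructed from the Signatures tables above (this is not a tria.ge export
# format): one "signature|pid|detail" line per IoC row.
REPORT_EVENTS = """\
Suspicious use of WriteProcessMemory|1680|PID 1680 wrote to memory of 320
Suspicious use of WriteProcessMemory|1680|PID 1680 wrote to memory of 320
Suspicious use of WriteProcessMemory|1680|PID 1680 wrote to memory of 320
Suspicious use of WriteProcessMemory|1680|PID 1680 wrote to memory of 320
Suspicious use of UnmapMainImage|1680|
Suspicious use of UnmapMainImage|320|
Suspicious behavior: RenamesItself|1680|
Loads dropped DLL|1680|
Executes dropped EXE|320|
Deletes itself|320|
"""

# Process tree from the Processes section: pid -> (parent pid, image path).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\3ee0ff7c3220865dc0bf21411a985811.exe"
PROCESS_TREE = {1680: (None, SAMPLE), 320: (1680, SAMPLE)}

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_events(text):
    """Split the constructed IoC lines into dicts with integer pids."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sig, pid, detail = line.split("|", 2)
        events.append({"sig": sig, "pid": int(pid), "detail": detail})
    return events


def find_self_replacement(events, tree):
    """Correlate parent->child memory writes with the child's own signatures.

    A hit means: the writer is the direct parent of the target, both run the
    same image, and the child also records UnmapMainImage. Whether that is
    process hollowing or a benign self-update is for the analyst to decide;
    the semantics assumed for the tria.ge signature names are an assumption.
    """
    writes = defaultdict(int)
    unmapped, deleted = set(), set()
    for ev in events:
        m = WRITE_RE.search(ev["detail"])
        if ev["sig"].endswith("WriteProcessMemory") and m:
            writes[(int(m.group(1)), int(m.group(2)))] += 1
        elif ev["sig"].endswith("UnmapMainImage"):
            unmapped.add(ev["pid"])
        elif ev["sig"] == "Deletes itself":
            deleted.add(ev["pid"])

    findings = []
    for (src, dst), count in sorted(writes.items()):
        parent, dst_image = tree.get(dst, (None, None))
        src_image = tree.get(src, (None, None))[1]
        if parent != src:
            continue  # only direct parent -> child writes are of interest here
        findings.append({
            "parent": src,
            "child": dst,
            "writes": count,
            "same_image": bool(src_image and dst_image
                               and src_image.lower() == dst_image.lower()),
            "child_unmapped_main_image": dst in unmapped,
            "child_deletes_itself": dst in deleted,
        })
    return findings


def main():
    for finding in find_self_replacement(parse_events(REPORT_EVENTS), PROCESS_TREE):
        print(finding)


if __name__ == "__main__":
    main()
```

Run on the constructed rows this yields one finding (parent 1680, child 320, four writes, same image, child unmapped its main image and deleted itself); a write to a pid that is not the writer's direct child produces nothing. The same shape (same-image parent and child, cross-process write, image unmap) is what an EDR correlation rule for hollowing keys on, and it is worth confirming on the memory dump listed in the upx YARA hit rather than on signature names alone.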
Processes
1. "C:\Users\Admin\AppData\Local\Temp\3ee0ff7c3220865dc0bf21411a985811.exe"
   PID: 1680
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\3ee0ff7c3220865dc0bf21411a985811.exe (child of PID 1680)
      PID: 320
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 12KB
  MD5: e7c59c3bfdc283bc4837e95e720f7519
  SHA1: 6e04adf723c0fb70495d0a2335e7c93880cf71cf
  SHA256: f715e5a9f96f3f94c510b8b5f8263866372dd5a73dee90530fc2520ec7cfa112
  SHA512: 30cc3440bb8860a15d815f48bfb2c8936c063c724174c80cf322a4e8df371c37f67b2563fedcb24e322b5049d09ae1e6010dd1eed743bd70e2d2f2e5cd594c2a
- Filesize: 32KB
  MD5: cdf24b892f47401904f4d77fd1ca00e9
  SHA1: 080c3ecc7b346a1a89ce4e89c3219f96846990a6
  SHA256: 181da6855a0e4f78614db8242064772efaff128f700b4f45b95ee2401833e717
  SHA512: 27ed006524e00e266094bd9b558fbf0179f61c495f4affc80471267d2ec0afc3980d6b8c7ab53805ef2b00d7202e5740abe0b7aaf7cb6c15d8f918beb5e1a091
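Two things an analyst does with the dropped files and the upx YARA hit above: re-hash the downloaded artefacts to confirm they match the digests the report lists, and check whether a file carries the UPX0/UPX1 section names that UPX leaves in the section table. The script below is an added example, not tria.ge's own tooling. Because the real dropped-file bytes are not on this page, it builds headers-only PE images in memory (constructed inputs, labelled as such) and runs the checks over those; `build_pe`, `triage` and `verify_against_report` are hypothetical helper names. The report's digests for the 12KB download are used only as the expected side of the comparison, so against the constructed input they are expected to mismatch.

```python
import hashlib
import struct

# Digests the report lists for the 12KB download, used as the "expected"
# side of verify_against_report below.
REPORT_12KB = {
    "md5": "e7c59c3bfdc283bc4837e95e720f7519",
    "sha1": "6e04adf723c0fb70495d0a2335e7c93880cf71cf",
    "sha256": "f715e5a9f96f3f94c510b8b5f8263866372dd5a73dee90530fc2520ec7cfa112",
    "sha512": "30cc3440bb8860a15d815f48bfb2c8936c063c724174c80cf322a4e8df371c37f"
              "67b2563fedcb24e322b5049d09ae1e6010dd1eed743bd70e2d2f2e5cd594c2a",
}


def build_pe(section_names, optional_header_size=0xE0):
    """Construct a headers-only PE image (DOS header, COFF header, zeroed
    optional header, section table). Constructed test input; it does not run."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       optional_header_size, 0x0102)
    opt = bytearray(optional_header_size)
    if optional_header_size >= 2:
        struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0xE0000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def section_names(data):
    """Walk the section table; raise ValueError on anything malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    if len(data) < e_lfanew + 24:
        raise ValueError("truncated COFF header")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def hash_set(data):
    """The four digests the report shows for each artefact."""
    return {a: hashlib.new(a, data).hexdigest()
            for a in ("md5", "sha1", "sha256", "sha512")}


def verify_against_report(data, expected):
    """Names of the algorithms whose digest does not match the report."""
    actual = hash_set(data)
    return sorted(a for a, h in expected.items() if actual[a] != h.lower())


def triage(data):
    """Hashes plus a UPX section-name heuristic. Packers can rename sections,
    so a YARA rule on the UPX stub (like the report's upx rule) is harder to
    fool than this check; treat a miss here as inconclusive."""
    result = {"hashes": hash_set(data), "pe": True, "sections": [], "upx": False}
    try:
        result["sections"] = section_names(data)
    except ValueError as err:
        result["pe"], result["error"] = False, str(err)
        return result
    result["upx"] = any(n.upper().startswith("UPX") for n in result["sections"])
    return result


# Constructed stand-ins: the real dropped files' bytes are not on the page.
PACKED = build_pe(["UPX0", "UPX1", ".rsrc"])
PLAIN = build_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, triage(blob)["sections"], "upx:", triage(blob)["upx"])
    print("mismatches vs report:", verify_against_report(PACKED, REPORT_12KB))
```

On a real download, replace the constructed blobs with the file bytes and pass the report's digest set for that file; an empty mismatch list confirms the artefact is the one the sandbox saw. The section-name check is deliberately cheap: it is a first pass before unpacking, and the memory dump listed under the upx YARA hit (the 1680 process image) is where the unpacked code should be read from.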