Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
04/01/2024, 05:26
General
-
Target
4002b07dd2322a97f1cce7f56b16de10.exe
-
Size
2.0MB
-
MD5
4002b07dd2322a97f1cce7f56b16de10
-
SHA1
1859f24c227810f9adbe5553f47ab7349f7a45ba
-
SHA256
86f816baffad36a2b68aaac868c0877cd539ce99f775d2c2d122f56fffc7233b
-
SHA512
b2c7bc2155e234ed69fa3a081b92247dec451954c76a39569b5d8e9ebcb0efc287c4d0ad10cf73140c4a5ebed5dee92adf7976a6e8c562ca540ed23ae2009871
-
SSDEEP
49152:5aiBR9Q9nyWhbG/ge053m2qUbK/ie2gUDaZlwcRinXBgJ:Q4RSZhbcR2C7YRgJ
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\is-HDKVB.tmp\4002b07dd2322a97f1cce7f56b16de10.tmp"C:\Users\Admin\AppData\Local\Temp\is-HDKVB.tmp\4002b07dd2322a97f1cce7f56b16de10.tmp" /SL5="$30098,1665090,54272,C:\Users\Admin\AppData\Local\Temp\4002b07dd2322a97f1cce7f56b16de10.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\4002b07dd2322a97f1cce7f56b16de10.exe"C:\Users\Admin\AppData\Local\Temp\4002b07dd2322a97f1cce7f56b16de10.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5526a3603826dfd1c792a3d584d75c4df
SHA1378e591d2de1720e83f8164d9d0df8ee2e241565
SHA256f4774608232ed94292e1815785f12ff78fb3a88bcbd21136b8edf3bee55d258f
SHA5120b7bdba22ccaa6f619a35c0a9a0eb50815941ae9fa8f8b9795cb3e67415b4068bf89df3881a26bd67ba06a9f403c66671d513885036d29299d504e8ebea8300c
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
752KB
-
Filesize
4KB