Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 06/01/2024, 05:35
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 456a949e199b029b8ced8fd414226282.exe
Resource: win7-20231215-en
4 signatures, 150 seconds
Behavioral task
behavioral2
Sample: 456a949e199b029b8ced8fd414226282.exe
Resource: win10v2004-20231215-en
3 signatures, 150 seconds
General
Target: 456a949e199b029b8ced8fd414226282.exe
Size: 1.1MB
MD5: 456a949e199b029b8ced8fd414226282
SHA1: fdd5d8ca2390faaede3158751e5808a397ca9331
SHA256: 35979e208b566f8ca353a5a6e9aa9b36290469c164774523303e4f2017d11ee8
SHA512: b0e874245e274ee86852cf9a4265b67bfc6cb360fe25126032d4a6eea2db6ad9d8e89568e0d69d7e33c8abfb34aa1cdc47d81b95c85442f0f6d5b69f2833ab10
SSDEEP: 24576:qKeyxTAJnMHn36sQ7H/yQQuYmlswByeiGZAw1cR:qKeyRAJe3LqaCY4LyeLZbc
Score: 7/10
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid: 1532, Process: lnnvbbxiul.exe
Loads dropped DLL (1 IoCs)
  pid: 2508, Process: 456a949e199b029b8ced8fd414226282.exe
Drops file in Program Files directory (1 IoCs)
  description: File created, ioc: C:\Program Files (x86)\otwnnahey\lnnvbbxiul.exe, Process: 456a949e199b029b8ced8fd414226282.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2508 wrote to memory of 1532, pid: 2508, Process: 456a949e199b029b8ced8fd414226282.exe, procid_target: 14
  description: PID 2508 wrote to memory of 1532, pid: 2508, Process: 456a949e199b029b8ced8fd414226282.exe, procid_target: 14
  description: PID 2508 wrote to memory of 1532, pid: 2508, Process: 456a949e199b029b8ced8fd414226282.exe, procid_target: 14
  description: PID 2508 wrote to memory of 1532, pid: 2508, Process: 456a949e199b029b8ced8fd414226282.exe, procid_target: 14
Processes
C:\Program Files (x86)\otwnnahey\lnnvbbxiul.exe
  Command line: "C:\Program Files (x86)\otwnnahey\lnnvbbxiul.exe"
  - Executes dropped EXE
  PID: 1532
C:\Users\Admin\AppData\Local\Temp\456a949e199b029b8ced8fd414226282.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\456a949e199b029b8ced8fd414226282.exe"
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID: 2508