Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
08/01/2024, 14:01
Behavioral task
behavioral1
Sample
4ba1e0cafd6796819159b985d33e2f7c.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4ba1e0cafd6796819159b985d33e2f7c.exe
Resource
win10v2004-20231215-en
General
-
Target
4ba1e0cafd6796819159b985d33e2f7c.exe
-
Size
5.8MB
-
MD5
4ba1e0cafd6796819159b985d33e2f7c
-
SHA1
3a1e6f6ab9bea565a67ed85652c65f35df62405d
-
SHA256
883ecdd5fd15ac33223b0b869e89303d38ee4c6b2f79e44f8c467f8ea6767a76
-
SHA512
8572e5b770566741511ccd8744b5e076bc998aea11e5e6498f64b163041e8351cb6996e2769d8998162b2d66eb8f2cb568b4fa6902aa4c0f64393b1c04e920e3
-
SSDEEP
98304:dpl9t0Y0d6fEEg1mgg3gnl/IVUs1jePsxLTCEXIDSdVfHPJ7zh0ygg3gnl/IVUsn:dz9tvZxg8gl/iBiPeTCEXamxHP70Wgll
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3048 4ba1e0cafd6796819159b985d33e2f7c.exe -
Executes dropped EXE 1 IoCs
pid Process 3048 4ba1e0cafd6796819159b985d33e2f7c.exe -
Loads dropped DLL 1 IoCs
pid Process 2932 4ba1e0cafd6796819159b985d33e2f7c.exe -
resource yara_rule behavioral1/memory/2932-1-0x0000000000400000-0x00000000008EF000-memory.dmp upx behavioral1/files/0x0009000000015c46-15.dat upx behavioral1/files/0x0009000000015c46-10.dat upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2932 4ba1e0cafd6796819159b985d33e2f7c.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2932 4ba1e0cafd6796819159b985d33e2f7c.exe 3048 4ba1e0cafd6796819159b985d33e2f7c.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2932 wrote to memory of 3048 2932 4ba1e0cafd6796819159b985d33e2f7c.exe 19 PID 2932 wrote to memory of 3048 2932 4ba1e0cafd6796819159b985d33e2f7c.exe 19 PID 2932 wrote to memory of 3048 2932 4ba1e0cafd6796819159b985d33e2f7c.exe 19 PID 2932 wrote to memory of 3048 2932 4ba1e0cafd6796819159b985d33e2f7c.exe 19
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe"C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exeC:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3048
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD52918ee9e7334396c44a3c0bf1fc2176c
SHA1680d5fe983103b468fa5e87f1694ff132a68a8c3
SHA25666c362ceabe0bf97603f1501fc0373d03771ee3f6eb67795b18e1f31cc8e8e68
SHA5126c2829235a6847d2d824dab63248788bb8ce3e2b25f5dab3f5bd63c18d8a730b186c5013b05ae7c15c12e2558c5092831e273323598c15ff92669e057d4711a3
-
Filesize
382KB
MD57eb9bc2081ede4b87a52d8a0e8478c40
SHA1078ed33cb898218c1b34d4c672d131e63e3083c4
SHA2561cf4f684c1ff613b0327bbf8743de074a5af644595dcfeae510d54b5a011fff2
SHA5120d7acab9711ae44beb38b7317b382a543a302c27333060ed5afccbf824c88c264db98b1cf334974847c60d988f09450c44b6c3cc5a88e6d105b310417f539f81