Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 08/01/2024, 16:45
Behavioral task: behavioral1
- Sample: 4bf2635b6b07aa93931508f8e6700187.exe
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 4bf2635b6b07aa93931508f8e6700187.exe
- Resource: win10v2004-20231215-en
General
- Target: 4bf2635b6b07aa93931508f8e6700187.exe
- Size: 1.3MB
- MD5: 4bf2635b6b07aa93931508f8e6700187
- SHA1: 816a84dab6b16706c794f79dc26ce5855dc1f3ab
- SHA256: ae3b3752370f0aea3695dc07d0bb479c59103d8bd568864873bfacca605dcf2a
- SHA512: 33c4b29c67feb5843643f2816399314a3259f38eaaed6875058f53c392afdea423e8fae1945a221fb75ebf3c4305a743d99480ff9ef777f923623f7d2acdb700
- SSDEEP: 24576:/WrDaqw1Y9bLPXQtnMoqWLqTtonhSAfSV2rTpoc7+xKXAWBWc:u32YxbXWMqqTto3fSqTpN+xKXjp
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  2228  4bf2635b6b07aa93931508f8e6700187.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  2228  4bf2635b6b07aa93931508f8e6700187.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  2364  4bf2635b6b07aa93931508f8e6700187.exe
- YARA rule matches
  resource                                                                     yara_rule
  behavioral1/memory/2364-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral1/files/0x0009000000014120-10.dat                                  upx
  behavioral1/files/0x0009000000014120-13.dat                                  upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2364  4bf2635b6b07aa93931508f8e6700187.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2364  4bf2635b6b07aa93931508f8e6700187.exe
  2228  4bf2635b6b07aa93931508f8e6700187.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2364 wrote to memory of 2228   2364  4bf2635b6b07aa93931508f8e6700187.exe  19
  PID 2364 wrote to memory of 2228   2364  4bf2635b6b07aa93931508f8e6700187.exe  19
  PID 2364 wrote to memory of 2228   2364  4bf2635b6b07aa93931508f8e6700187.exe  19
  PID 2364 wrote to memory of 2228   2364  4bf2635b6b07aa93931508f8e6700187.exe  19
Processes
- C:\Users\Admin\AppData\Local\Temp\4bf2635b6b07aa93931508f8e6700187.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4bf2635b6b07aa93931508f8e6700187.exe"
  PID: 2364
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\4bf2635b6b07aa93931508f8e6700187.exe (child of PID 2364)
    Command line: C:\Users\Admin\AppData\Local\Temp\4bf2635b6b07aa93931508f8e6700187.exe
    PID: 2228
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1KB
  MD5: 75cd077b20688812e60f001e971879f2
  SHA1: 1e14421b4ee9766ed5fab39641f74e6d1d62366c
  SHA256: 47e869dcf48a55d1a4b15b893938cf206dc11fea437bcebb6d7bb1810bb91c0f
  SHA512: ef7a8ede214c9a3a664e193656889bfa61c90a3edb412cd951242c3249036f47200b3a8a4671ead956993ce4f635db814a1c2d317da25d2133159a602fdae810
- Filesize: 32KB
  MD5: 293632acf202a4f5cd4be817abd2c12e
  SHA1: 10c9b43d88cdf3a1a325d455439275e877c4058b
  SHA256: 3990ec36169d4b88ccc5e5bac3c0fd60a9dddc0a499b2f92df4bb42e9b5331e3
  SHA512: fc8f579df7cbcbede2577ce7439da52313f0fb6b3f479d338d119e7db2f1b2d0e4242808c5841bbc627bfbaafa00d766fb9f34317d356afd8cf0e1ce7ec2e23d