Analysis
- max time kernel: 1s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 08/01/2024, 20:14
Static task: static1
Behavioral task: behavioral1
  Sample: 4c5b899b1846ce714b77fc6de2d64cdb.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4c5b899b1846ce714b77fc6de2d64cdb.exe
  Resource: win10v2004-20231215-en
General
- Target: 4c5b899b1846ce714b77fc6de2d64cdb.exe
- Size: 385KB
- MD5: 4c5b899b1846ce714b77fc6de2d64cdb
- SHA1: 09728d0a4a8ff77af0334668a111f8107174d0c3
- SHA256: bf2926ade8f6f6ff6f0cbce945c251cf6644732f49b00b07a37576158d236b60
- SHA512: 1c8f7f7cdfb30951fa642a8a01c407599095f53536c66f572e0c78a3bb72d47029db44cc86e3fc5dcae0722b478748196e5de5cf0fb8257a7c7b59b2e0d73eba
- SSDEEP: 6144:+2sPVQyr/+QNNPzciFKfuCB2qDk7gCbp9EFsJqT4js1iI9uslgU1EvTsLdeKqiB:+dr/+UNP9pr7gmp9VYMjs1iIQA+CB
Malware Config
Signatures
- Deletes itself (1 IoCs)
  PID 2664: 4c5b899b1846ce714b77fc6de2d64cdb.exe
- Executes dropped EXE (1 IoCs)
  PID 2664: 4c5b899b1846ce714b77fc6de2d64cdb.exe
- Loads dropped DLL (1 IoCs)
  PID 2104: 4c5b899b1846ce714b77fc6de2d64cdb.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious behavior: RenamesItself (1 IoCs)
  PID 2104: 4c5b899b1846ce714b77fc6de2d64cdb.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2104: 4c5b899b1846ce714b77fc6de2d64cdb.exe
  PID 2664: 4c5b899b1846ce714b77fc6de2d64cdb.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2104 wrote to memory of 2664 | 2104 | 4c5b899b1846ce714b77fc6de2d64cdb.exe | 16
  PID 2104 wrote to memory of 2664 | 2104 | 4c5b899b1846ce714b77fc6de2d64cdb.exe | 16
  PID 2104 wrote to memory of 2664 | 2104 | 4c5b899b1846ce714b77fc6de2d64cdb.exe | 16
  PID 2104 wrote to memory of 2664 | 2104 | 4c5b899b1846ce714b77fc6de2d64cdb.exe | 16
Processes
1. C:\Users\Admin\AppData\Local\Temp\4c5b899b1846ce714b77fc6de2d64cdb.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4c5b899b1846ce714b77fc6de2d64cdb.exe"
   PID: 2104
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\4c5b899b1846ce714b77fc6de2d64cdb.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\4c5b899b1846ce714b77fc6de2d64cdb.exe
      PID: 2664
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads