Analysis
- max time kernel: 122s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 10/01/2024, 07:20
Behavioral task: behavioral1
- Sample: 4fee961cbe256b8e38314ab0e798c6cb.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 4fee961cbe256b8e38314ab0e798c6cb.exe
- Resource: win10v2004-20231222-en
General
- Target: 4fee961cbe256b8e38314ab0e798c6cb.exe
- Size: 5.8MB
- MD5: 4fee961cbe256b8e38314ab0e798c6cb
- SHA1: 57663d22752e104f432af59baba27aec134ec7e5
- SHA256: 510f9cc2d6ccf5925aafb9a2747b661e45ac866bd47093992a994616f155382d
- SHA512: 43ed26efb0c2e5913d1387a7249c9bd4e8d6549497005bfcd38da251034706b9eca6a544834f147617ae3f91ad4bdcf26c49610b133bdcf608affa02ea5fafd2
- SSDEEP: 98304:TyExRuGjJbIgg3gnl/IVUs1jePsaFLf0wCJ+ehG0ugg3gnl/IVUs1jePs:EQ4gl/iBiPNRfpCJFhG5gl/iBiP
Malware Config
Signatures
- Deletes itself (1 IoCs)
  - pid 2420, process 4fee961cbe256b8e38314ab0e798c6cb.exe
- Executes dropped EXE (1 IoCs)
  - pid 2420, process 4fee961cbe256b8e38314ab0e798c6cb.exe
- Loads dropped DLL (1 IoCs)
  - pid 2256, process 4fee961cbe256b8e38314ab0e798c6cb.exe
- YARA rule matches (yara_rule: upx)
  - behavioral1/memory/2256-1-0x0000000000400000-0x00000000008EF000-memory.dmp (upx)
  - behavioral1/files/0x000b00000001226e-10.dat (upx)
  - behavioral1/files/0x000b00000001226e-14.dat (upx)
  - behavioral1/memory/2420-16-0x0000000000400000-0x00000000008EF000-memory.dmp (upx)
  - behavioral1/memory/2256-13-0x0000000003DD0000-0x00000000042BF000-memory.dmp (upx)
- Suspicious behavior: RenamesItself (1 IoCs)
  - pid 2256, process 4fee961cbe256b8e38314ab0e798c6cb.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  - pid 2256, process 4fee961cbe256b8e38314ab0e798c6cb.exe
  - pid 2420, process 4fee961cbe256b8e38314ab0e798c6cb.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  - description: PID 2256 wrote to memory of 2420; pid 2256; process 4fee961cbe256b8e38314ab0e798c6cb.exe; procid_target 28
  - description: PID 2256 wrote to memory of 2420; pid 2256; process 4fee961cbe256b8e38314ab0e798c6cb.exe; procid_target 28
  - description: PID 2256 wrote to memory of 2420; pid 2256; process 4fee961cbe256b8e38314ab0e798c6cb.exe; procid_target 28
  - description: PID 2256 wrote to memory of 2420; pid 2256; process 4fee961cbe256b8e38314ab0e798c6cb.exe; procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\4fee961cbe256b8e38314ab0e798c6cb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4fee961cbe256b8e38314ab0e798c6cb.exe"
  PID: 2256
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\4fee961cbe256b8e38314ab0e798c6cb.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\4fee961cbe256b8e38314ab0e798c6cb.exe
    PID: 2420
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 325KB
  - MD5: bbae18169221870cfa4464d7ff206cec
  - SHA1: 997e28dd32ef40685e2429da6e369da4f3239bf9
  - SHA256: 86bab50846759fa274e921d5e0cc71a7d0bcef18a05e0a8e89ec805dc5090c6a
  - SHA512: af35f9c8cf18c9072cc1e9f181c85823656bb0b6f4e7732fc06fa5eadf8c482e1afd2a4657fb7f06157f78e2528bad61983a596d681fb64cc97be3e7b6748583
- Filesize: 243KB
  - MD5: ea3acc82aac3df537ad6fd9308ef74fa
  - SHA1: da131b24b83d1b5e09c1bb78825bce366b4c913a
  - SHA256: 19301b33ee2fe7c9296d64e2cd9ed63fa03f56f2feed1b5827d2908c26664ddd
  - SHA512: 1dde088a821cca04c91fe3d239ce0f59bb5315f978dd95caaea78b86777f6e4cd9eaada318d91448377ef64e4aa7730af4efea578e3b6ce0f9b74df40ddfc229