Analysis
- max time kernel: 119s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 10/01/2024, 14:37
Static task
static1
Behavioral task
behavioral1
Sample
50d410f895726fea2c56136ecd653512.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
50d410f895726fea2c56136ecd653512.exe
Resource
win10v2004-20231215-en
General
- Target: 50d410f895726fea2c56136ecd653512.exe
- Size: 380KB
- MD5: 50d410f895726fea2c56136ecd653512
- SHA1: 2ef3d4c19fb1644b4bbd0edb2c04c52d97a4af2f
- SHA256: 8f56783370760f9cf4ae78f55c9192b9ae86e67cd03273178fd94cd3def6b71c
- SHA512: eab396962e800d1b47f87f4865b118598cd73be527394b2c3fbb39a2abb0ffa3c10cf7c1d5bf4f14111a945448fe6b06f9e338142b6d91f0b1cbb862735cdc0c
- SSDEEP: 6144:4MZeQVXPwgDV+AyJQT5rwh/nidGFrdvG5MqhyBFux/RJNR6OSUtR4XYc/f:4MZeQtwgQHQdr6iarJkMGwF8/XP6IR4X
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid   Process
  2480  integrate.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2208  50d410f895726fea2c56136ecd653512.exe
  2208  50d410f895726fea2c56136ecd653512.exe
- Drops file in Program Files directory (1 IoCs)
  description   ioc                                   Process
  File created  C:\Program Files\boxes\integrate.exe  50d410f895726fea2c56136ecd653512.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid   Process
  2208  50d410f895726fea2c56136ecd653512.exe
  2208  50d410f895726fea2c56136ecd653512.exe
  2208  50d410f895726fea2c56136ecd653512.exe
  2208  50d410f895726fea2c56136ecd653512.exe
  2480  integrate.exe
  2480  integrate.exe
  2480  integrate.exe
  2480  integrate.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2208 wrote to memory of 2480  2208  50d410f895726fea2c56136ecd653512.exe  28
  PID 2208 wrote to memory of 2480  2208  50d410f895726fea2c56136ecd653512.exe  28
  PID 2208 wrote to memory of 2480  2208  50d410f895726fea2c56136ecd653512.exe  28
  PID 2208 wrote to memory of 2480  2208  50d410f895726fea2c56136ecd653512.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\50d410f895726fea2c56136ecd653512.exe
  "C:\Users\Admin\AppData\Local\Temp\50d410f895726fea2c56136ecd653512.exe"
  PID: 2208
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\boxes\integrate.exe
    "C:\Program Files\boxes\integrate.exe" "33201"
    PID: 2480
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads