Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 10/01/2024, 16:33
Static task: static1
Behavioral task: behavioral1
  Sample: 51106a564002320f30435aa6c25b8dd3.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 51106a564002320f30435aa6c25b8dd3.exe
  Resource: win10v2004-20231215-en
General
Target: 51106a564002320f30435aa6c25b8dd3.exe
Size: 2.0MB
MD5: 51106a564002320f30435aa6c25b8dd3
SHA1: 4304b24f723fbfafbcffa96cc7a5cfea7525ad06
SHA256: 499aedc02c1f6fe422cebd2c513346c1d5d474f8b33f121b0e1332f44cd2d2e8
SHA512: 8a6462a0a8c229ad5161a274988b0e159ea7698e631f5f37b6e76610463cc446249b6c20b42e57ddc014a1d2eb900d52cbae0574029b433f0029dec9a58b0400
SSDEEP: 24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRWEMVM8w8sm/FvN:dqgazxcGYN139lnk30raxpX
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 3000, process pg.exe
Loads dropped DLL (1 IoC)
  pid 2932, process 51106a564002320f30435aa6c25b8dd3.exe
Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files (x86)\olmtt\pg.exe, process 51106a564002320f30435aa6c25b8dd3.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2932 wrote to memory of 3000, process 51106a564002320f30435aa6c25b8dd3.exe, procid_target 28 (the same entry is recorded four times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\51106a564002320f30435aa6c25b8dd3.exe (PID 2932)
   command line: "C:\Users\Admin\AppData\Local\Temp\51106a564002320f30435aa6c25b8dd3.exe"
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\olmtt\pg.exe (PID 3000, nested under PID 2932)
      command line: "C:\Program Files (x86)\olmtt\pg.exe"
      - Executes dropped EXE
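The Signatures and Processes sections together describe one chain: the sample writes pg.exe into C:\Program Files (x86)\olmtt, starts it, and writes into the new process's memory. The script below is an added example (not part of the tria.ge report or its tooling) that parses the report's own IoC lines into that chain and checks it against a simple hunting rule: a child running from a path under Program Files that its parent both dropped and wrote memory into. The IoC strings are copied from the report and re-used as constructed sample input; the parent pid of pg.exe is an assumption inferred from the nesting of the process tree, and the Program Files prefix check and the rule itself are this example's own, not the sandbox's signature logic.

```python
"""Parse tria.ge-style behavioural IoC lines into a process chain and flag
'dropper starts dropped EXE under Program Files and writes to its memory'.
Added example; rule and data layout are assumptions, see the lead-in."""
import re
from dataclasses import dataclass, field

# Constructed sample input: the IoC entries as they appear on the report.
# The four WriteProcessMemory lines are identical on the page; the parser
# keeps one of them (a set), which is what a detection needs.
REPORT_LINES = [
    r"File created C:\Program Files (x86)\olmtt\pg.exe 51106a564002320f30435aa6c25b8dd3.exe",
    r"PID 2932 wrote to memory of 3000 2932 51106a564002320f30435aa6c25b8dd3.exe 28",
    r"PID 2932 wrote to memory of 3000 2932 51106a564002320f30435aa6c25b8dd3.exe 28",
    r"PID 2932 wrote to memory of 3000 2932 51106a564002320f30435aa6c25b8dd3.exe 28",
    r"PID 2932 wrote to memory of 3000 2932 51106a564002320f30435aa6c25b8dd3.exe 28",
]

# Process list from the report's Processes section: (pid, image path, parent pid).
# Assumption: the parent pid follows the tree nesting (pg.exe is level 2 under the sample).
PROCESSES = [
    (2932, r"C:\Users\Admin\AppData\Local\Temp\51106a564002320f30435aa6c25b8dd3.exe", None),
    (3000, r"C:\Program Files (x86)\olmtt\pg.exe", 2932),
]

# "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
# "File created <path with spaces> <dropping image>"
DROP_RE = re.compile(r"^File created (.+?) (\S+\.exe)$")

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Chain:
    drops: dict = field(default_factory=dict)   # dropped path -> image name of the dropper
    wpm: set = field(default_factory=set)       # (writer pid, target pid, writer image name)


def parse_iocs(lines):
    """Turn report IoC lines into a Chain; unknown line shapes are ignored."""
    chain = Chain()
    for line in lines:
        m = DROP_RE.match(line)
        if m:
            chain.drops[m.group(1)] = m.group(2)
            continue
        m = WPM_RE.match(line)
        if m:
            chain.wpm.add((int(m.group(1)), int(m.group(2)), m.group(4)))
    return chain


def dropped_and_injected(chain, processes):
    """Return (parent pid, child pid, child path) for each child that runs
    from a Program Files path its parent dropped and whose memory the
    parent wrote to. All three conditions must hold, so an installer that
    merely drops and runs a helper does not match."""
    by_pid = {pid: (path, ppid) for pid, path, ppid in processes}
    hits = []
    for pid, (path, ppid) in by_pid.items():
        if ppid not in by_pid:
            continue
        parent_path, _ = by_pid[ppid]
        parent_name = parent_path.rsplit("\\", 1)[-1]
        in_program_files = path.lower().startswith(PROGRAM_FILES_PREFIXES)
        dropped_by_parent = chain.drops.get(path) == parent_name
        written_by_parent = any(w == ppid and t == pid for w, t, _ in chain.wpm)
        if in_program_files and dropped_by_parent and written_by_parent:
            hits.append((ppid, pid, path))
    return hits


if __name__ == "__main__":
    chain = parse_iocs(REPORT_LINES)
    for ppid, pid, path in dropped_and_injected(chain, PROCESSES):
        print(f"parent {ppid} dropped, started and wrote memory of {pid}: {path}")
```

The same three-way join (file-create, process-create with parent, cross-process memory write) is what you would express in EDR or Sysmon terms (event IDs 11, 1 and 10 respectively) to hunt for this chain on real endpoints; the report gives you the concrete path and image names to seed it.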
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.0MB
MD5: 78d5fb110789890d06a9ef4c1d5fa425
SHA1: 4a435bcd80090445d5e02808ba3598ca5823367f
SHA256: 514054888dcf2fa0b3184d4ad61a86be4ea689419d805ab1dfef112e3257700d
SHA512: 309e3662819f27eafd51e7a472c35d5780e593bc2b2922a0bd7b2308b9c883052dde088c879a5fbea1b0e00ed09edaea89111285e7d1161a57deadc2ca2de8f1