Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 10/01/2024, 19:10
Behavioral task
behavioral1
Sample
3769bce546c62f2f74e90adfebdaad99.exe
Resource
win7-20231215-en
General
Target: 3769bce546c62f2f74e90adfebdaad99.exe
Size: 784KB
MD5: 3769bce546c62f2f74e90adfebdaad99
SHA1: 80d2f816a4ffa9ecd8cb420eb543a9268b41e328
SHA256: 31c786fdb8ec2506f63a5c34dee0e9fb5726c8b0a02fdaf8c0b84ec297f88282
SHA512: 921b4ceaeaac622e9d25f5ecbe69a4a6751ea863b7ea96a71ee456d2ee497defc6f9f924c42e1109374bbda3210ac09a5037af5b5f43af1a745f845704b55656
SSDEEP: 12288:uqSV3JEY+Xy96UPI2z6324NHcLecHGsDwDoKGIP2El3LXIlJYH7Zsp5:uqSzEYZI7flNcVLDwEKGIP2E5LX0W7i
Malware Config
Signatures
XMRig Miner payload (8 IoCs)
resource | yara_rule
behavioral1/memory/3016-1-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
behavioral1/memory/3016-15-0x0000000003140000-0x0000000003452000-memory.dmp | xmrig
behavioral1/memory/3016-14-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
behavioral1/memory/2424-18-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
behavioral1/memory/2424-25-0x0000000002FD0000-0x0000000003163000-memory.dmp | xmrig
behavioral1/memory/2424-24-0x0000000000400000-0x0000000000587000-memory.dmp | xmrig
behavioral1/memory/2424-35-0x0000000000400000-0x0000000000587000-memory.dmp | xmrig
behavioral1/memory/2424-34-0x00000000005A0000-0x000000000071F000-memory.dmp | xmrig

Deletes itself (1 IoC)
pid | Process
2424 | 3769bce546c62f2f74e90adfebdaad99.exe

Executes dropped EXE (1 IoC)
pid | Process
2424 | 3769bce546c62f2f74e90adfebdaad99.exe

Loads dropped DLL (1 IoC)
pid | Process
3016 | 3769bce546c62f2f74e90adfebdaad99.exe

resource | yara_rule
behavioral1/memory/3016-0-0x0000000000400000-0x0000000000712000-memory.dmp | upx
behavioral1/files/0x0009000000012252-10.dat | upx
behavioral1/memory/2424-17-0x0000000000400000-0x0000000000712000-memory.dmp | upx
behavioral1/files/0x0009000000012252-16.dat | upx

Suspicious behavior: RenamesItself (1 IoC)
pid | Process
3016 | 3769bce546c62f2f74e90adfebdaad99.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
3016 | 3769bce546c62f2f74e90adfebdaad99.exe
2424 | 3769bce546c62f2f74e90adfebdaad99.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 3016 wrote to memory of 2424 | 3016 | 3769bce546c62f2f74e90adfebdaad99.exe | 29
PID 3016 wrote to memory of 2424 | 3016 | 3769bce546c62f2f74e90adfebdaad99.exe | 29
PID 3016 wrote to memory of 2424 | 3016 | 3769bce546c62f2f74e90adfebdaad99.exe | 29
PID 3016 wrote to memory of 2424 | 3016 | 3769bce546c62f2f74e90adfebdaad99.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\3769bce546c62f2f74e90adfebdaad99.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3769bce546c62f2f74e90adfebdaad99.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 3016
   2. C:\Users\Admin\AppData\Local\Temp\3769bce546c62f2f74e90adfebdaad99.exe (child of PID 3016)
      Command line: C:\Users\Admin\AppData\Local\Temp\3769bce546c62f2f74e90adfebdaad99.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 2424
Network
MITRE ATT&CK Matrix
Downloads
File 1
Filesize: 323KB
MD5: 5b29aa194df76ddb12a154f287426a8c
SHA1: 4ed60987925318ecb240b17bf05e661f1c8f26de
SHA256: 4cccce884b90a27759306ed4f294556ac7f1b50248a2fbccec91100722dfddaf
SHA512: f86bb02538e70a6f2bf0bb148a366eef5e66d737122e80689cdd022516f2fcbf2ae9c6584f5c8c04c17c54959fef29c4fa7df045dd03b3b5b19c644b9d006f94

File 2
Filesize: 670KB
MD5: 7c53201c1c00ff9da5c879acde435892
SHA1: c67a6903be20447d8325cdc9a00bae4a993d3bed
SHA256: 6d8a1090f278bfda39287fb0ae7d40f22e2c59bc834cb961c01fe8de8e2985db
SHA512: 4a3c4d2d6c9d4892e47ab2cc426e58060dace44e93eb4c999573bc1796c9cb757942d856ad9d0d093b4951560ce43ba6fcad839eae66da829dac310fee4c3339