Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 12/01/2024, 11:36
Static task: static1
Behavioral task: behavioral1
- Sample: 5659def2dd9559275955828e361bebda.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 5659def2dd9559275955828e361bebda.exe
- Resource: win10v2004-20231215-en
General
- Target: 5659def2dd9559275955828e361bebda.exe
- Size: 82KB
- MD5: 5659def2dd9559275955828e361bebda
- SHA1: bfbb55b338378bd7fa38effafd12263ea5a65295
- SHA256: 800b0bff73242a4fb9c36db1dd9404f9c307bc2850bf8e93b393e4db28c90c2c
- SHA512: 31d857d59e053cc2bcca596ee3d8574f6430851146862a28af1fbb052eade4b8b42bbba631703fb125584afedd58f3b3d414e824617d24eb98cf0b3a8817252b
- SSDEEP: 1536:BXcTUbi7XihazQecCgJnaynaH6S2IVEoyghLwLK8ZtzZCnJSKzcz8Fv/g:BXpuS8AN/nBS2IGo/ULKoKcAC
Signatures
- Deletes itself (1 IoCs)
  PID 3056, process 5659def2dd9559275955828e361bebda.exe
- Executes dropped EXE (1 IoCs)
  PID 3056, process 5659def2dd9559275955828e361bebda.exe
- Loads dropped DLL (1 IoCs)
  PID 2232, process 5659def2dd9559275955828e361bebda.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  PID 2232, process 5659def2dd9559275955828e361bebda.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2232, process 5659def2dd9559275955828e361bebda.exe
  PID 3056, process 5659def2dd9559275955828e361bebda.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2232 wrote to memory of 3056 (pid 2232, process 5659def2dd9559275955828e361bebda.exe, procid_target 29); the same entry is listed 4 times
Processes
- C:\Users\Admin\AppData\Local\Temp\5659def2dd9559275955828e361bebda.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\5659def2dd9559275955828e361bebda.exe"
  PID: 2232
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
- C:\Users\Admin\AppData\Local\Temp\5659def2dd9559275955828e361bebda.exe (depth 2)
  Command line: C:\Users\Admin\AppData\Local\Temp\5659def2dd9559275955828e361bebda.exe
  PID: 3056
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
Downloads
- Filesize: 82KB
  MD5: 29c7c386e4a3975a3271b9382e9a8efe
  SHA1: a2097f98edf4b3918873abf80fe11fb464859b0b
  SHA256: 2233861ff237d58313412c86062346cb8846ff01893eb8e3378a1cf273c916fc
  SHA512: e8904b13db28fa7a777585ca9f7b5ce8b7a4a99c0a79887ed1d3a0449696fda9ba1e2c5d3c96745576421830c6a7d0f35c31c9e37823385d950982a97a600a77