Analysis
max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
12/01/2024, 13:36
Behavioral task
behavioral1
Sample
569a99971fc0e576b44e35a1ce0687d3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
569a99971fc0e576b44e35a1ce0687d3.exe
Resource
win10v2004-20231215-en
General
Target
569a99971fc0e576b44e35a1ce0687d3.exe
Size
1.5MB
MD5
569a99971fc0e576b44e35a1ce0687d3
SHA1
2f2a1fe239b28b7f0896bbee2fe19ea8e57fb644
SHA256
13787ab91a2fbb2fb2492d4b36687c9b7d95051a6e6c5d25ffbf5d78cfc34481
SHA512
0fe79be7453ffd52d0578bd5e2d5b3d15737edd6ba142101d74ea54f3c2a4fc0f0a1a6a353becc092fbe1ff2190ef6101d1423aef9a161e24455039bdbbe5954
SSDEEP
24576:1HmW1paBmPZ9vCU2lxBHh9sWLi6P4ws4oIIin0JqeZnvsUoBrKFRW:wI5PjvC9lheW+6zs80oqvsUoE
Malware Config
Signatures
Deletes itself (1 IoC)
pid   Process
2236  569a99971fc0e576b44e35a1ce0687d3.exe
Executes dropped EXE (1 IoC)
pid   Process
2236  569a99971fc0e576b44e35a1ce0687d3.exe
Loads dropped DLL (1 IoC)
pid   Process
2408  569a99971fc0e576b44e35a1ce0687d3.exe
yara_rule: upx (3 IoCs)
resource                                                                      yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
behavioral1/files/0x00050000000120fb-10.dat                                   upx
behavioral1/memory/2408-15-0x0000000003670000-0x0000000003B5F000-memory.dmp   upx
Suspicious behavior: RenamesItself (1 IoC)
pid   Process
2408  569a99971fc0e576b44e35a1ce0687d3.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
2408  569a99971fc0e576b44e35a1ce0687d3.exe
2236  569a99971fc0e576b44e35a1ce0687d3.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 2408 wrote to memory of 2236  2408  569a99971fc0e576b44e35a1ce0687d3.exe  28
PID 2408 wrote to memory of 2236  2408  569a99971fc0e576b44e35a1ce0687d3.exe  28
PID 2408 wrote to memory of 2236  2408  569a99971fc0e576b44e35a1ce0687d3.exe  28
PID 2408 wrote to memory of 2236  2408  569a99971fc0e576b44e35a1ce0687d3.exe  28
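The upx yara hits above land on the main image of PID 2408 (0x400000-0x8EF000), on the dropped .dat file, and on a second region of the same process (0x3670000-0x3B5F000). The following is an added example, not Triage's own "upx" rule (whose body the report does not show): it walks a PE section table and reports the usual UPX fingerprints (UPX0/UPX1 section names, a UPX0 section that is empty on disk but large in memory, and the "UPX!" marker the stub leaves behind), and it parses the report's memory-dump resource tags to compute region sizes. The two PE layouts are constructed here, not taken from the analysed file.

```python
"""UPX packing indicators from a PE section table, plus Triage memory-tag arithmetic.

Added example; not the report's code and not Triage's yara rule.
"""
import re
import struct
from dataclasses import dataclass

IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int


def parse_sections(data: bytes) -> list:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        f = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append(Section(f[0].rstrip(b"\0").decode("latin-1"), f[1], f[2], f[3], f[4], f[9]))
    return sections


def upx_indicators(data: bytes) -> dict:
    secs = parse_sections(data)
    names = [s.name for s in secs]
    # UPX0 holds the unpacked image at runtime: zero bytes on disk, large virtual size.
    upx0_empty = any(s.name == "UPX0" and s.raw_size == 0 and s.virtual_size > 0
                     and s.characteristics & IMAGE_SCN_CNT_UNINITIALIZED_DATA for s in secs)
    return {
        "sections": names,
        "upx_section_names": any(n.startswith("UPX") for n in names),
        "upx0_empty_on_disk": upx0_empty,
        "upx_marker": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return ind["upx_section_names"] or ind["upx_marker"]


def region_size(resource_tag: str) -> int:
    """Size in bytes of a Triage memory dump tag like '.../2408-0-0x...400000-0x...8EF000-memory.dmp'."""
    m = re.search(r"0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)", resource_tag)
    lo, hi = (int(x, 16) for x in m.groups())
    return hi - lo


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header, zeroed optional header, section table."""
    opt_size = 224
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rsize, rptr, chars in sections)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + trailer


# Constructed layouts (not the analysed sample): a UPX-style file and an ordinary one.
UPX_LIKE = build_pe([
    ("UPX0", 0x300000, 0x1000, 0, 0x400,
     IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ("UPX1", 0x1EE000, 0x301000, 0x1ED000, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 0x1000, 0x4EF000, 0x800, 0x1ED400, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
], trailer=b"\0" * 16 + b"UPX!" + b"\0" * 60)
PLAIN = build_pe([
    (".text", 0x2000, 0x1000, 0x2000, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x1000, 0x3000, 0x400, 0x2400, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    print(upx_indicators(UPX_LIKE), looks_upx_packed(PLAIN))
    for tag in ("behavioral1/memory/2408-0-0x0000000000400000-0x00000000008EF000-memory.dmp",
                "behavioral1/memory/2408-15-0x0000000003670000-0x0000000003B5F000-memory.dmp"):
        print(tag, hex(region_size(tag)))
```

Running region_size over the two memory tags in the report gives 0x4EF000 bytes for both: the second matched region in PID 2408 is exactly the size of its main image, which fits the picture of the process handling a copy of itself before it re-launches (the dropped file in Downloads has the same 1.5MB size). Packed memory dumps of this kind are usually the better artefact to unpack than the file on disk, since the unpacker stub has already run.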
Processes
1. C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe"
   PID: 2408
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. (child of PID 2408) C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe
      command line: C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe
      PID: 2236
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
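Read together, the signature tables and the process tree describe one pattern: PID 2408 renames itself, launches a second copy from the same path (PID 2236, flagged as a dropped EXE), writes into that child four times, and both processes unmap their main image; the child then deletes the original. The following added example (not part of the Triage report and not Triage's own detection logic) parses rows written in the report's wording into a per-process view and flags that combination; the row strings and PID map are transcribed from this report, and the regex assumes Triage's "PID X wrote to memory of Y" phrasing.

```python
"""Correlate Triage-style signature rows into a per-process view and flag
parent-writes-into-same-image-child. Added example, not the report's code."""
import re
from collections import defaultdict

# Transcribed from the report's pid/Process tables.
PID_ROWS = {
    "Deletes itself": [2236],
    "Executes dropped EXE": [2236],
    "Loads dropped DLL": [2408],
    "Suspicious behavior: RenamesItself": [2408],
    "Suspicious use of UnmapMainImage": [2408, 2236],
}

# Transcribed from the WriteProcessMemory table; columns are
# description, pid, Process, procid_target (the report's own index, not a PID).
WPM_ROWS = """\
PID 2408 wrote to memory of 2236 2408 569a99971fc0e576b44e35a1ce0687d3.exe 28
PID 2408 wrote to memory of 2236 2408 569a99971fc0e576b44e35a1ce0687d3.exe 28
PID 2408 wrote to memory of 2236 2408 569a99971fc0e576b44e35a1ce0687d3.exe 28
PID 2408 wrote to memory of 2236 2408 569a99971fc0e576b44e35a1ce0687d3.exe 28
"""

# Transcribed from the process tree.
PROCESS_IMAGES = {
    2408: "569a99971fc0e576b44e35a1ce0687d3.exe",
    2236: "569a99971fc0e576b44e35a1ce0687d3.exe",
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text: str) -> list:
    """Return (source_pid, target_pid, image, procid_target) for each row that matches."""
    events = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        src, dst, pid, image, target = m.groups()
        if pid != src:  # the pid column should restate the writing process
            raise ValueError(f"inconsistent row: {line!r}")
        events.append((int(src), int(dst), image, int(target)))
    return events


def per_process(pid_rows: dict, wpm_events: list) -> dict:
    """Map each PID to the set of signature names it triggered."""
    view = defaultdict(set)
    for sig, pids in pid_rows.items():
        for pid in pids:
            view[pid].add(sig)
    for src, _dst, _img, _t in wpm_events:
        view[src].add("Suspicious use of WriteProcessMemory")
    return dict(view)


def flag_self_reexec_injection(wpm_events: list, images: dict, pid_rows: dict) -> list:
    """Parent writes into a child running the same image while both unmap their main image."""
    unmap = set(pid_rows.get("Suspicious use of UnmapMainImage", []))
    writes = defaultdict(int)
    for src, dst, _img, _t in wpm_events:
        writes[(src, dst)] += 1
    findings = []
    for (src, dst), n in sorted(writes.items()):
        if images.get(src) == images.get(dst) and src in unmap and dst in unmap:
            findings.append({
                "parent": src, "child": dst, "writes": n, "image": images[src],
                "note": "same-image child written by parent, both unmap main image: inspect child memory",
            })
    return findings


if __name__ == "__main__":
    ev = parse_wpm(WPM_ROWS)
    for pid, sigs in sorted(per_process(PID_ROWS, ev).items()):
        print(pid, sorted(sigs))
    print(flag_self_reexec_injection(ev, PROCESS_IMAGES, PID_ROWS))
```

The flag does not name a technique on its own; it points at the child's memory (here PID 2236) as the thing to dump and diff against the UPX-matched regions of the parent, since that is where the parent's writes landed.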
Network
MITRE ATT&CK Matrix
Downloads
Filesize
1.5MB
MD5
7e130c64f962579151dd3ca013d931b0
SHA1
60da40227a9ad1f04d5bc01caa078bf96ba31ea8
SHA256
45af3642b3ab2a80792723cd6423fb4f03913e895eb4a064de646f624194302c
SHA512
bb238c8c5662595ed5e472b8cd428de69e63ffb349c76334c0958536a42967964c4600253cc805a501a3d2a8e121f5fcf5dec3e5e111472f7500ed9e1dec1a2e
Note: this file has the same 1.5MB size as the submitted sample but different hashes, so it is a modified copy rather than the original binary.