Analysis
- max time kernel: 140s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 14/01/2024, 03:50
Behavioral task behavioral1
- Sample: 5a337cc454d7f2ab45cd0ef2f05e793a.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: 5a337cc454d7f2ab45cd0ef2f05e793a.exe
- Resource: win10v2004-20231215-en
General
- Target: 5a337cc454d7f2ab45cd0ef2f05e793a.exe
- Size: 26KB
- MD5: 5a337cc454d7f2ab45cd0ef2f05e793a
- SHA1: 79e1f0edafb7efb5866a55b0c25f4fb9f6a7cdd2
- SHA256: de56850b144003ff12e59fa5c04fbad97c0ad813fc1f08ab8396066fd426091c
- SHA512: 1834567d304f71b4ad5c24609300af1fbfa5381fc171b63a7583f89ca5c9f9cd7922f6baaa083bb580f8c64a20e42b13e67a0b7053c11a8b3b084c454af9193d
- SSDEEP: 768:U+MFiJemgblK3dyv5g+dNVO5IxQ6KEE649TW:MFwKKtb+dTO+xQMEBW
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid   Process
  2884  5a337cc454d7f2ab45cd0ef2f05e793a.exe
- yara_rule matches
  resource                                                                    yara_rule
  behavioral1/memory/3020-1-0x0000000000400000-0x0000000000418000-memory.dmp  upx
  behavioral1/memory/3020-3-0x0000000000400000-0x0000000000418000-memory.dmp  upx
  behavioral1/memory/2884-5-0x0000000000400000-0x0000000000418000-memory.dmp  upx
  behavioral1/memory/2884-9-0x0000000000400000-0x0000000000418000-memory.dmp  upx
- Drops file in Program Files directory (3 IoCs)
  description   ioc                                                  Process
  File created  C:\Program Files\Internet Explorer\IEXPLORE32.Dat    5a337cc454d7f2ab45cd0ef2f05e793a.exe
  File created  C:\Program Files\Internet Explorer\IEXPLORE32.jmp    5a337cc454d7f2ab45cd0ef2f05e793a.exe
  File created  C:\Program Files\Internet Explorer\IEXPLORE32.jmp    5a337cc454d7f2ab45cd0ef2f05e793a.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  2884  5a337cc454d7f2ab45cd0ef2f05e793a.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 3020 wrote to memory of 2884   3020  5a337cc454d7f2ab45cd0ef2f05e793a.exe  28
  PID 3020 wrote to memory of 2884   3020  5a337cc454d7f2ab45cd0ef2f05e793a.exe  28
  PID 3020 wrote to memory of 2884   3020  5a337cc454d7f2ab45cd0ef2f05e793a.exe  28
  PID 3020 wrote to memory of 2884   3020  5a337cc454d7f2ab45cd0ef2f05e793a.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\5a337cc454d7f2ab45cd0ef2f05e793a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5a337cc454d7f2ab45cd0ef2f05e793a.exe"
  PID: 3020
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\5a337cc454d7f2ab45cd0ef2f05e793a.exe (child of PID 3020)
    Command line: "C:\Users\Admin\AppData\Local\Temp\5a337cc454d7f2ab45cd0ef2f05e793a.exe" K
    PID: 2884
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 35KB
  MD5: 3e43457fec22e4bc0d5f8a77401ce39d
  SHA1: 32c76e3b825a8ac9f77e62d21f053619344f6d2d
  SHA256: fb7a8a046eed52af5e2d36a07f2d051d4e7752ab4b759aa4db7f937b50ca65ac
  SHA512: 3fc14bece66969c9d6a88d5220866118b59b9b92066770a37f0165f586d0b56de13a83d5151b39c074cb5d1e0a494d6699733cb867eca4b3c23ed7fd0683096d
- Filesize: 26KB
  MD5: e324b1717c91c0aab0614ada79e98e24
  SHA1: c217d8298a79c70c826ff637d65858f587523609
  SHA256: 61806c3e42e43b7fb76bcca593b33874779b89fef8e8b22ff4b166bc8f0402da
  SHA512: 0bbe79f678f4af96ea913f89d68a603b4de7140352db2d4155fd15f9e5de655c9e3fcf07d8e53f44a923a16d682d4477c4b78c186af544e5254feff90239a224