Notice (Windows 7 deprecation): Windows 7 will be removed from tria.ge on 2025-03-31.
Analysis
  Max time kernel: 122s
  Max time network: 126s
  Platform: windows7_x64
  Resource: win7-20231215-en
  Resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  Submitted: 14/01/2024, 07:23
Static task: static1
Behavioral task: behavioral1
  Sample: 5aa0d047d549c9e84d0f157b4846fdee.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 5aa0d047d549c9e84d0f157b4846fdee.exe
  Resource: win10v2004-20231222-en
General
  Target: 5aa0d047d549c9e84d0f157b4846fdee.exe
  Size: 1.9MB
  MD5: 5aa0d047d549c9e84d0f157b4846fdee
  SHA1: 850ec23e69bd2d43c7cc470aa431120623f4f0b3
  SHA256: 3239f73461ff05b9f4518dd124e7d61c1650aff55ccdb4ce528f08cda8dcdf89
  SHA512: 654e1400f959c5ec6baab5cabe38d89c6a5488bfb152f17e3a6657cb3ef2916538c5f9385aa1be00c2c9f789ed339ab595c3269886f48157f94f6cdf8246c6d3
  SSDEEP: 49152:Qoa1taC070da6ISdMpLv2PxuWR0R6r90fQzb:Qoa1taC0PASsxuyAE
Malware Config
Signatures
  Deletes itself (1 IoC)
    pid 2192  process 47E9.tmp
  Executes dropped EXE (1 IoC)
    pid 2192  process 47E9.tmp
  Loads dropped DLL (1 IoC)
    pid 1308  process 5aa0d047d549c9e84d0f157b4846fdee.exe
  Suspicious use of WriteProcessMemory (4 IoCs)
    description                        pid   process                                   procid_target
    PID 1308 wrote to memory of 2192   1308  5aa0d047d549c9e84d0f157b4846fdee.exe      28
    PID 1308 wrote to memory of 2192   1308  5aa0d047d549c9e84d0f157b4846fdee.exe      28
    PID 1308 wrote to memory of 2192   1308  5aa0d047d549c9e84d0f157b4846fdee.exe      28
    PID 1308 wrote to memory of 2192   1308  5aa0d047d549c9e84d0f157b4846fdee.exe      28
Processes
  1. C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe  (PID 1308)
     Command line: "C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe"
     - Loads dropped DLL
     - Suspicious use of WriteProcessMemory
     2. C:\Users\Admin\AppData\Local\Temp\47E9.tmp  (PID 2192, child of PID 1308)
        Command line: "C:\Users\Admin\AppData\Local\Temp\47E9.tmp" --splash C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe 7D9A11EF99930E6F53B4E04838927A1C74E1CA0072830FB6745B8AE3669383093F9F36793BA2A1A781A4EE21621B0F59CAC20A212B172E099B7BA93BE850A4BC
        - Deletes itself
        - Executes dropped EXE
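The three behaviours this report flags (the sample writes into the memory of the .tmp it dropped, the dropped file runs as a child process, and the child is the one that deletes the original) only become a useful detection when they are correlated by pid and path rather than read as separate IoCs. The script below does that correlation over a constructed event stream that mirrors this report's process tree; it is an added example, not Triage's code or event format, and the dict-per-event shape, the `file_write`/`file_delete` event names and the truncated hex argument are assumptions made for the example.

```python
"""Correlate sandbox process events into the behaviours this report flags."""
from collections import Counter
from pathlib import PureWindowsPath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\47E9.tmp"

# Constructed event stream: pids and paths come from the report's process tree;
# the event shape (dicts keyed by "type") is an assumption for this example.
EVENTS = [
    {"type": "process_start", "pid": 1308, "ppid": 4, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}"'},
    {"type": "file_write", "pid": 1308, "path": DROPPED},
    {"type": "process_start", "pid": 2192, "ppid": 1308, "image": DROPPED,
     "cmdline": f'"{DROPPED}" --splash {SAMPLE} 7D9A11EF9993'},  # hex argument truncated
    # The report records the same parent->child write four times.
    *({"type": "write_process_memory", "pid": 1308, "target": 2192} for _ in range(4)),
    {"type": "file_delete", "pid": 2192, "path": SAMPLE},
]


def norm(path):
    """Case-insensitive Windows path key so C:\\Temp and c:\\temp compare equal."""
    return str(PureWindowsPath(path)).lower()


def correlate(events, sample_pid):
    """Return a list of findings linking dropped files, child processes,
    cross-process memory writes and deletion of the original sample."""
    procs, dropped, wpm, deletes = {}, {}, Counter(), []
    for e in events:
        if e["type"] == "process_start":
            procs[e["pid"]] = e
        elif e["type"] == "file_write":
            dropped[norm(e["path"])] = e["pid"]          # remember who wrote the file
        elif e["type"] == "write_process_memory":
            wpm[(e["pid"], e["target"])] += 1            # collapse repeated IoCs
        elif e["type"] == "file_delete":
            deletes.append(e)

    findings = []
    sample_image = norm(procs[sample_pid]["image"])

    # A process whose image was written by its own parent is a dropped EXE.
    for pid, p in procs.items():
        writer = dropped.get(norm(p["image"]))
        if writer is not None and writer == p["ppid"]:
            findings.append({"rule": "executes_dropped_exe", "parent": writer, "child": pid})
            # The child being handed the sample's path on its command line is
            # the usual prelude to the child deleting the original.
            if sample_image in p["cmdline"].lower():
                findings.append({"rule": "child_cmdline_references_sample", "child": pid})

    # Parent writing into a child it just spawned (the report's 4 WriteProcessMemory IoCs).
    for (src, dst), n in wpm.items():
        if dst in procs and procs[dst]["ppid"] == src:
            findings.append({"rule": "parent_writes_child_memory",
                             "parent": src, "child": dst, "events": n})

    # "Deletes itself" here means another process removes the sample's image.
    for d in deletes:
        if norm(d["path"]) == sample_image and d["pid"] != sample_pid:
            findings.append({"rule": "self_delete_via_child",
                             "sample": sample_pid, "deleter": d["pid"]})
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS, 1308):
        print(f)
```

Collapsing the four identical WriteProcessMemory records into one finding with a count keeps the signal (parent wrote into the child it spawned) without the noise; the same pattern is benign in many installers, so the finding is worth more in combination with the self-delete than on its own.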
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 1.9MB
  MD5: 58f7e3d3a304e4458dfcb2489b6bac98
  SHA1: b72a4c8de3be7dde131d17938449b245fd5c54e6
  SHA256: ec4989289a2a50cbbd536a8aa79d695f69c0a09e58ae2fe74e428914e942cda9
  SHA512: 4b5953970592dde882e87784b44d44afa33e60b5fd99aea05df00633d10a2e5ca43646e14a6220de46e82ef85cf66c7ee5bfcb36f4c909b6c901962e6a174532