Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 19/01/2024, 04:18
Behavioral task: behavioral1
Sample: 66ad4f7b33f5aea6647d1cc0da27fd18.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 66ad4f7b33f5aea6647d1cc0da27fd18.exe
Resource: win10v2004-20231215-en
General
Target: 66ad4f7b33f5aea6647d1cc0da27fd18.exe
Size: 5.8MB
MD5: 66ad4f7b33f5aea6647d1cc0da27fd18
SHA1: 53acfb37bd63c74ec54ca0ceb3cab16fcd62f53b
SHA256: 59144e903d61a6af4490dc5aa2391139deb81107b920d942bbdbb90612ac298f
SHA512: e66c38bb21988d964b43a9ae953e4bd4a2bcd01ba84d73339d998bd9a7c8a5cfdad2f82743d735c8595a93e1ea31ee1506a1ec0971cf840c3e7d248d3ea30dd3
SSDEEP: 98304:IS7ce29HUFRXJJOugg3gnl/IVUs1jePs/dnsmKaoR76Ugg3gnl/IVUs1jePs:Nm9g5gl/iBiPsn1g7Zgl/iBiP
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2832, process 66ad4f7b33f5aea6647d1cc0da27fd18.exe
- Executes dropped EXE (1 IoC)
  pid 2832, process 66ad4f7b33f5aea6647d1cc0da27fd18.exe
- Loads dropped DLL (1 IoC)
  pid 2124, process 66ad4f7b33f5aea6647d1cc0da27fd18.exe
- YARA rule matches (resource, yara_rule)
  behavioral1/memory/2124-0-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
  behavioral1/files/0x000a000000012243-10.dat: upx
  behavioral1/files/0x000a000000012243-14.dat: upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2124, process 66ad4f7b33f5aea6647d1cc0da27fd18.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2124, process 66ad4f7b33f5aea6647d1cc0da27fd18.exe
  pid 2832, process 66ad4f7b33f5aea6647d1cc0da27fd18.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2124 wrote to memory of 2832; pid 2124; process 66ad4f7b33f5aea6647d1cc0da27fd18.exe; procid_target 28
  description: PID 2124 wrote to memory of 2832; pid 2124; process 66ad4f7b33f5aea6647d1cc0da27fd18.exe; procid_target 28
  description: PID 2124 wrote to memory of 2832; pid 2124; process 66ad4f7b33f5aea6647d1cc0da27fd18.exe; procid_target 28
  description: PID 2124 wrote to memory of 2832; pid 2124; process 66ad4f7b33f5aea6647d1cc0da27fd18.exe; procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe (depth 1, PID 2124)
  command line: "C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe (depth 2, PID 2832)
    command line: C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 326KB
  MD5: 1649f15be48c7c921909f57b285fa004
  SHA1: f6787d86c80dae5e8a22c5ee9f3176919fb49288
  SHA256: 69ae29afd88cc0879c67edf1a94602385e2045f54c053594a0844ecb387219c3
  SHA512: 93f222bd3a28f8e6d23af4f272229a21cdba59ccba5394068f4402d769292591fdffa918e80328eedb40b444581671e7087194fb932ef8c967d451fb0a1bf7e9
- Filesize: 205KB
  MD5: e6a28d9c550d98096be5f301ffea9d3c
  SHA1: c24ad59288d13d0d7878266eb8466684623efbbb
  SHA256: 63591aaf80a5ce05e32c41e4836a0e72bbc3c409cc52db42f28983ecb5e7dd3b
  SHA512: f33725e7eb56c7bd85e484f0e5d80b894012331ff453f84b4f6aaeff3c7f08087ff256bef606d46b3badbf0a09ab69eebdec74ed957f815566f65c3804accdb2