Analysis
Max time kernel: 118s
Max time network: 125s
Platform: windows7_x64
Resource: win7-20231215-en
Resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
Submitted: 19/01/2024, 20:54
Behavioral task behavioral1
Sample: 689e19925254f332b99cc73ad05aae41.exe
Resource: win7-20231215-en

Behavioral task behavioral2
Sample: 689e19925254f332b99cc73ad05aae41.exe
Resource: win10v2004-20231222-en
General
Target: 689e19925254f332b99cc73ad05aae41.exe
Size: 1.5MB
MD5: 689e19925254f332b99cc73ad05aae41
SHA1: 4b3ce4fcd3dc8494f397a329bdc1e2b11a6c8ebb
SHA256: e741c9948e787545a1de1268d1835813215aa69a603709b1c857e2b981379b5a
SHA512: 73e07367d8f7b2e3367f3a22fad58c9daa3794e5f01f87d89d5f5076ae750a1ec32c0f34e2c5b45d0cbc323835d3ba62009e472a6710ace4fdab1282dbf9386f
SSDEEP: 24576:TSHEii63fJ7VH0Sn8cDIFlBMVMKcI2Y/IKt5RuEJClrRAI5LAHMjBmkkW:2HEMffHkDZMVFaabaFAMAH5n
Malware Config
Signatures

Deletes itself (1 IoC)
  PID 2292  689e19925254f332b99cc73ad05aae41.exe

Executes dropped EXE (1 IoC)
  PID 2292  689e19925254f332b99cc73ad05aae41.exe

Loads dropped DLL (1 IoC)
  PID 2900  689e19925254f332b99cc73ad05aae41.exe

YARA rule "upx" matched in the following resources:
  behavioral1/memory/2900-1-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000a000000012243-13.dat
  behavioral1/memory/2900-15-0x0000000003510000-0x00000000039FF000-memory.dmp
  behavioral1/files/0x000a000000012243-10.dat

Suspicious behavior: RenamesItself (1 IoC)
  PID 2900  689e19925254f332b99cc73ad05aae41.exe

Suspicious use of UnmapMainImage (2 IoCs)
  PID 2900  689e19925254f332b99cc73ad05aae41.exe
  PID 2292  689e19925254f332b99cc73ad05aae41.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  Description                       PID   Process                               Target procid
  PID 2900 wrote to memory of 2292  2900  689e19925254f332b99cc73ad05aae41.exe  28
  PID 2900 wrote to memory of 2292  2900  689e19925254f332b99cc73ad05aae41.exe  28
  PID 2900 wrote to memory of 2292  2900  689e19925254f332b99cc73ad05aae41.exe  28
  PID 2900 wrote to memory of 2292  2900  689e19925254f332b99cc73ad05aae41.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe  (PID 2900)
   Command line: "C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe  (PID 2292, child of PID 2900)
      Command line: C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Dropped file 1
Filesize: 649KB
MD5: 35f95b98c58ca2e30a7f884112ef2b5d
SHA1: 8727ba49d42fb733800e46dd20772fd502189f7b
SHA256: 5d070b8886bd79670dbde9ccd68c08690ca0aec45fc8a787d677b81280c518be
SHA512: 00bbc57f406f0c610fbad0543e12b9f6ed2af73ebac2183ee96bddf873344de68cf59a0dda832013b2b1eab6d62a280d5cef93cb4b974a418ec1260efecefcdc

Dropped file 2
Filesize: 1.2MB
MD5: b4f3708522ef6dbed542a4bf05c63851
SHA1: efd5c35dbef03b8cdb944a34484600a367adcf6c
SHA256: 5c8c70302fa617bd73de0f2154b9bd49fb3b57e108b9617f866713314d628b49
SHA512: f6d51dcc682db2e1d7824d504599f0c5146aedf066b6cb9ee14e9fd6ab1ff90659dbd122286ed3f4fb8375874adfc5e5948d40aacc094c6888addf2b9e77f3a7