Analysis
max time kernel: 117s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/01/2024, 14:38
Behavioral task: behavioral1
Sample: 6fade2bc1082210a9eaef5d79ba01ad0.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 6fade2bc1082210a9eaef5d79ba01ad0.exe
Resource: win10v2004-20231215-en
General
Target: 6fade2bc1082210a9eaef5d79ba01ad0.exe
Size: 2.9MB
MD5: 6fade2bc1082210a9eaef5d79ba01ad0
SHA1: 86d6239e940dfc864daeee1099af64183af8753b
SHA256: 88bca1df064f334db6653c4c7c045bae00947cd6286aacab10417cfb8e4dae12
SHA512: 4ee2f71b868f16cd56393d3c039e99a7b76fe329d8f4ea155d718e8b6d63d35d608417d73be75056c35f16fec7ed4e1530b6ec1335faa8b6301f0f17d9fd652d
SSDEEP: 49152:tPBA19QTHyM9hcWhR7KUKVSuN74NH5HUyNRcUsCVOzetdZJ:xcO8WTuPEu4HBUCczzM3
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  3040  6fade2bc1082210a9eaef5d79ba01ad0.exe

Executes dropped EXE (1 IoC)
  pid   Process
  3040  6fade2bc1082210a9eaef5d79ba01ad0.exe

Loads dropped DLL (1 IoC)
  pid   Process
  1916  6fade2bc1082210a9eaef5d79ba01ad0.exe

Yara rule matches (yara_rule: upx)
  resource
  behavioral1/memory/1916-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x0007000000012281-10.dat
  behavioral1/memory/3040-16-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x0007000000012281-15.dat

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  1916  6fade2bc1082210a9eaef5d79ba01ad0.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1916  6fade2bc1082210a9eaef5d79ba01ad0.exe
  3040  6fade2bc1082210a9eaef5d79ba01ad0.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 1916 wrote to memory of 3040   1916  6fade2bc1082210a9eaef5d79ba01ad0.exe  28
  PID 1916 wrote to memory of 3040   1916  6fade2bc1082210a9eaef5d79ba01ad0.exe  28
  PID 1916 wrote to memory of 3040   1916  6fade2bc1082210a9eaef5d79ba01ad0.exe  28
  PID 1916 wrote to memory of 3040   1916  6fade2bc1082210a9eaef5d79ba01ad0.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe"
  PID: 1916
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
      PID: 3040
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5: ab0e3c3145aea72328d22ac679b81a47
SHA1: a06dd38188cddd21199f4c8550fa9908f1badd99
SHA256: 998b46599b95602551d2b9ba21172d65465d77ea9bbc67fc572e136700246533
SHA512: 3e352cc10946e34b3c77dec647bf98ec8d5466381ee7e94dd8bea0878596d3b70bd47707ac5fd624564996e02203918b468dcfd29af524101d64be2131c6583c

Filesize: 1.8MB
MD5: 68381504f5b3b56344691b797b912afe
SHA1: 69222063f7e38b939fc837bac94c19fa3e0a1a3d
SHA256: 8a7f497ff8bf17bbc3461f35a8da1b73271075b3e2626caa30ae6d519c2cdba8
SHA512: 788ffcc824af08048f20775a33187595ff6645ac5c623aa6200ec868014b2ac5909aae52465caec931b37907127f6b9dbcc1fae4c02bc0f281cb3bfcf4169fa7