Analysis
- max time kernel: 119s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/01/2024, 15:21
Behavioral task: behavioral1
- Sample: 6fc55a52c65710d459baad1bb4bf9f67.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 6fc55a52c65710d459baad1bb4bf9f67.exe
- Resource: win10v2004-20231215-en
General
- Target: 6fc55a52c65710d459baad1bb4bf9f67.exe
- Size: 2.7MB
- MD5: 6fc55a52c65710d459baad1bb4bf9f67
- SHA1: 8fd2f3ad14e6d841ff810f5de0af397cae6fcbac
- SHA256: 265610a14cd084430573f5b38836136eaa697a602acfdd38181f25e29805321d
- SHA512: 063ea6bc7f92ef1383787adbedf2bbef3e7e8cecd138062fec8546f933b899812fc237fa45181cdd57c247a2051101f5c93d415721fc1c22e55eeb60703d9b39
- SSDEEP: 49152:Sayd14Z+T5QWSnWJ7HYvbrFtv2LIR9mmp0oQipdAjXyt9/Z+38MBEuHgkNR9j:SF4QNAgorWLIHmmp0oFpoi3/b4EufHj
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2976? no: pid 2092, process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Executes dropped EXE (1 IoC)
  pid 2092, process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Loads dropped DLL (1 IoC)
  pid 2976, process 6fc55a52c65710d459baad1bb4bf9f67.exe
- yara_rule matches (resource -> rule)
  behavioral1/files/0x000c000000012242-15.dat -> upx
  behavioral1/files/0x000c000000012242-10.dat -> upx
  behavioral1/memory/2976-0-0x0000000000400000-0x00000000008E7000-memory.dmp -> upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2976, process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2976, process 6fc55a52c65710d459baad1bb4bf9f67.exe
  pid 2092, process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Suspicious use of WriteProcessMemory (4 IoCs; description | pid | process | procid_target)
  PID 2976 wrote to memory of 2092 | 2976 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 16
  PID 2976 wrote to memory of 2092 | 2976 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 16
  PID 2976 wrote to memory of 2092 | 2976 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 16
  PID 2976 wrote to memory of 2092 | 2976 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 16
Processes
- C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
  PID: 2092
  Signatures: Deletes itself; Executes dropped EXE; Suspicious use of UnmapMainImage
- C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe"
  PID: 2976
  Signatures: Loads dropped DLL; Suspicious behavior: RenamesItself; Suspicious use of UnmapMainImage; Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 94KB
  MD5: ba08836ee4e0469c4358e55a580a74cb
  SHA1: 45dc26d5c7d457e1e970df67f8209f691c581a22
  SHA256: 279e9e1878008c2e7a49b41c6fe60f205f190c8a963ba591e57b48d79d5abbd1
  SHA512: b8e9100425a5cd3b95efd1041f85240cc8439a58271cfdf3bde88173f14494e2b25dc0d0bf082733f11ecfb4eb29cbf57a617a921ea1e48389669b3036cf95e1
- Filesize: 181KB
  MD5: b79affc4ed6166ed29ab572a050df3c3
  SHA1: c947d02a4359b36dea11e3f41a865bc91923548b
  SHA256: 11eae3cb1c330a5354f6776546cce00669fa2dd2fc3d356f56b10323c3f0232a
  SHA512: 58811aa9ab0cd6ae6cad9f8e3f421c3bba33c0afe25a036e095844e123bce2e01653f24880873af63d657be42b5061ba157c8544e116b7ad3798546509f73cec