Analysis
- max time kernel: 121s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 24/01/2024, 01:18
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 710ef31527a7b35eba1edf43d8ee4a1f.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 710ef31527a7b35eba1edf43d8ee4a1f.exe
  - Resource: win10v2004-20231215-en
The analysis details reproduced on this page (platform windows7_x64, resource win7-20231215-en) are those of behavioral1; the win10v2004 run (behavioral2) is listed but its results are not shown here.
General
- Target: 710ef31527a7b35eba1edf43d8ee4a1f.exe
- Size: 113KB
- MD5: 710ef31527a7b35eba1edf43d8ee4a1f
- SHA1: 4e1df07d81b6f5b8c7b929639d6a1c90dcdb9895
- SHA256: 1450707f9fa1c4209c2b50a0d11d4d669bd2a8ec75da17b1550a44e0f892745d
- SHA512: 0bd0a3159cfe796aab30ecaf622381c7cdc4fbccb649dde90cbac983f09f1280bb108102e94d996023eedd3a70a0c74c6178b003664f1ca0ac99fcdc9164cbdb
- SSDEEP: 3072:vhTDRkQ6E50IsXz0b+45p3fwoYGX2Jt1b3Mk5LL604FIb:vhTDRkQ6E50fD0b+4vvyGX2JHb8k5LLD
The target's file name is its own MD5 digest, so the sample was renamed before submission and its original file name is not recoverable from this report.
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid   Process
  3016  cmd.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 1 IoC)
  description        ioc                                                         Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier    710ef31527a7b35eba1edf43d8ee4a1f.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   Process                               procid_target
  PID 2652 wrote to memory of 3016  2652  710ef31527a7b35eba1edf43d8ee4a1f.exe  28
  PID 2652 wrote to memory of 3016  2652  710ef31527a7b35eba1edf43d8ee4a1f.exe  28
  PID 2652 wrote to memory of 3016  2652  710ef31527a7b35eba1edf43d8ee4a1f.exe  28
  PID 2652 wrote to memory of 3016  2652  710ef31527a7b35eba1edf43d8ee4a1f.exe  28
All four WriteProcessMemory entries are the sample (PID 2652) writing into the cmd.exe child it has just spawned (PID 3016). A parent writing into a freshly created child during process start-up is what a normal CreateProcess call looks like from the sandbox's hooks, so on its own this is a weak injection indicator; the "Deletes itself" hit, which is the batch file removing the original executable, is the more meaningful signal in this tree.
Processes
1. C:\Users\Admin\AppData\Local\Temp\710ef31527a7b35eba1edf43d8ee4a1f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\710ef31527a7b35eba1edf43d8ee4a1f.exe"
   PID: 2652
   - Enumerates system info in registry
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fbf..bat" > nul 2> nul
      PID: 3016
      - Deletes itself
Two details in this tree are worth reading carefully. First, the command line asks for C:\Windows\system32\cmd.exe but the image that actually ran is C:\Windows\SysWOW64\cmd.exe: the sample is a 32-bit process on a 64-bit host (the resource tags carry both arch:x86 and arch:x64), so the file system redirector silently mapped system32 to SysWOW64. Detection logic that keys on the literal image path must normalise the two. Second, "/q /c <script> > nul 2> nul" runs the batch file with echo off, exits when it finishes, and discards both stdout and stderr, which is the standard shape of a drop-and-self-delete helper; the script itself is not reproduced in this report.
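A detection one can run over process-creation telemetry for the pattern shown in this tree. This is an added example, not code from tria.ge or from the sample; the event records are constructed to mirror the tree above (field names loosely follow Sysmon Event ID 1 and are an assumption, not real telemetry), and the two benign control records are invented to show what does not fire.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed process-creation records modelled on the tria.ge process tree above.
# Field names are an assumption loosely following Sysmon Event ID 1; not real telemetry.
EVENTS = [
    {"pid": 2652, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\710ef31527a7b35eba1edf43d8ee4a1f.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\710ef31527a7b35eba1edf43d8ee4a1f.exe"'},
    {"pid": 3016, "ppid": 2652,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fbf..bat" > nul 2> nul'},
    # Constructed benign control: an interactive shell with no script argument.
    {"pid": 4100, "ppid": 1000,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\system32\cmd.exe"'},
    # Constructed benign control: an installer running a .cmd from Program Files with visible output.
    {"pid": 4200, "ppid": 4150,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\system32\cmd.exe" /c "C:\Program Files\Vendor\setup.cmd"'},
]

# /c or /k followed by a quoted or unquoted path ending in .bat or .cmd
BATCH_RE = re.compile(
    r'/[ck]\s+(?:"([^"]+?\.(?:bat|cmd))"|(\S+?\.(?:bat|cmd))(?=\s|$))', re.IGNORECASE)
# User and system temp directories, where droppers usually stage their helper script
TEMP_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\', re.IGNORECASE)
# stdout redirected to the NUL device
SILENT_RE = re.compile(r'>\s*nul\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    pid: int
    ppid: int
    script: str
    wow64: bool
    reasons: tuple


def is_cmd(image: str) -> bool:
    return PureWindowsPath(image).name.lower() == "cmd.exe"


def is_wow64(image: str) -> bool:
    # A 32-bit process on x64 asking for \Windows\system32\ is redirected to \Windows\SysWOW64\,
    # so the image path in telemetry differs from the one on the command line.
    return "\\syswow64\\" in image.lower()


def in_temp(path: str) -> bool:
    return TEMP_RE.search(path) is not None


def script_argument(cmdline: str):
    """Return the batch/cmd script passed to cmd.exe /c or /k, or None."""
    m = BATCH_RE.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def find_self_delete_candidates(events, min_reasons: int = 2):
    """Flag cmd.exe launches that look like a drop-and-self-delete helper script."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not is_cmd(e["image"]):
            continue
        script = script_argument(e["cmdline"])
        if script is None:
            continue
        parent = by_pid.get(e["ppid"])
        reasons = []
        if in_temp(script):
            reasons.append("script lives in a temp directory")
        if parent is not None and in_temp(parent["image"]):
            reasons.append("parent executable runs from a temp directory")
        if SILENT_RE.search(e["cmdline"]):
            reasons.append("script output discarded with > nul")
        if len(reasons) >= min_reasons:
            findings.append(Finding(e["pid"], e["ppid"], script,
                                    is_wow64(e["image"]), tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in find_self_delete_candidates(EVENTS):
        print(f"pid {f.pid} (parent {f.ppid}) runs {f.script}; wow64={f.wow64}")
        for r in f.reasons:
            print("  -", r)
```

The rule deliberately scores on several weak features (temp-directory script, temp-directory parent, silenced output) and requires two of them, so a vendor installer running a .cmd from Program Files does not fire while the tree above does; the WOW64 flag is recorded for context rather than scored, since it only says the process is 32-bit.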
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 210B
  MD5: be56bf46288e81f6e8149a84f956992d
  SHA1: dd584cccc953f3f583e16cd757ae0ea260a3c0e1
  SHA256: 6996a1185fc011bae99b5932e23d1c03870acfa13add0032d739ab6e43fd2b7b
  SHA512: b27aa4f5deb59bb83cf02abd58558929931002bb8d0b1a441ad9db9b7c6f81b8708c0ac4b373ab2c9461877135661cca75a2568598e1e51b68ad192fd2ced6bd
The report does not name this 210-byte file. Given its size and the process tree, the batch script run by cmd.exe is the obvious candidate, but that is an inference from this page, not something the report states; check the file's contents against the Fbf..bat path before relying on it.