Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/01/2024, 08:00
Behavioral task: behavioral1
Sample: 742820f33f3b6de66f1e732138ce00d0.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 742820f33f3b6de66f1e732138ce00d0.exe
Resource: win10v2004-20231215-en
General
Target: 742820f33f3b6de66f1e732138ce00d0.exe
Size: 2.7MB
MD5: 742820f33f3b6de66f1e732138ce00d0
SHA1: fa4ef2d54da09d56c269ef4eccf1e207effd9306
SHA256: 95e140969133375f014fc17a0075628f5e5a24e11159f6260501334bfee2f3e7
SHA512: cd46b850139a8fb057610f170e00df8e580c67e3d4046e901aa001a74076b6257c9c9583d2b846986c1e95c6b3215cd0ab51df69c05b48096d061247ce9b3899
SSDEEP: 49152:Zvt0+muWdb8IUFjQjTDDSHvv648r9fsHAJImSLMW:ZvQu0b8IUFsvSPv64i956mSLMW
Malware Config
Signatures
Deletes itself (1 IoCs)
pid: 1948, Process: 742820f33f3b6de66f1e732138ce00d0.exe
Executes dropped EXE (1 IoCs)
pid: 1948, Process: 742820f33f3b6de66f1e732138ce00d0.exe
Loads dropped DLL (1 IoCs)
pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe
yara_rule matches (columns: resource, yara_rule)
resource: behavioral1/memory/2076-0-0x0000000000400000-0x000000000086A000-memory.dmp, yara_rule: upx
resource: behavioral1/files/0x000b0000000126e7-11.dat, yara_rule: upx
resource: behavioral1/files/0x000b0000000126e7-14.dat, yara_rule: upx
resource: behavioral1/files/0x000b0000000126e7-13.dat, yara_rule: upx
Suspicious behavior: RenamesItself (1 IoCs)
pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe
pid: 1948, Process: 742820f33f3b6de66f1e732138ce00d0.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2076 wrote to memory of 1948, pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe, procid_target: 28
description: PID 2076 wrote to memory of 1948, pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe, procid_target: 28
description: PID 2076 wrote to memory of 1948, pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe, procid_target: 28
description: PID 2076 wrote to memory of 1948, pid: 2076, Process: 742820f33f3b6de66f1e732138ce00d0.exe, procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe"
  PID: 2076
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  child: C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
    command line: C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
    PID: 1948
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 514KB
MD5: 9d3e9cc7d92d18d073c7cef8983e08b9
SHA1: 23528878b38dfcdb9615485e6b4368958d3b3010
SHA256: f0160e5c23854c6640e5795bd573850a4357623870a6a92c044e046a53ab2283
SHA512: 91c660f6d90361c6ad6d4c13c064fa6ca83952e14c1c4d34ea6f9d2e292369203296026e05112d84a24031863437a05221b858b82ed05c650847b4e1d963a34d
Filesize: 704KB
MD5: a6c1cd86c9f7ec2a32b61e63fef6e27d
SHA1: a768e394b4a8516e9e7eea3e7c192632f4cda864
SHA256: 9dfc7f5b15c88d885e0a02ada96b9b7c264c165ad63056a73fb2f818458bb74c
SHA512: 52802c4c92cfae793f9b5f0642ebfeda0da957fb76df2ab52bccb00af88cbf155e51f1ff0014bd37a8681ebd1b22c8dc19a18f464e34bbbbd58470961b949762
Filesize: 671KB
MD5: 6f30477f3ce24ddc5f7d03850526bd63
SHA1: ff6de97a38357ae80506113a7cd3a9747808bb70
SHA256: fcfbfc9d504e5047e4951604169b714f3822742dca6e57be0a17488807591532
SHA512: f8551e2d00cbe0ba856212c124ff0a9593bd26882528b3e43ac7ca111d36ff214682d86dcf988a7b5a2a145d84f2661771aa5c5bd3c7beb574bd8606d41e118b