Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25/01/2024, 10:45
Behavioral task
behavioral1
Sample
747e077b94ea8c32a6e14bfd9f8ae887.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
747e077b94ea8c32a6e14bfd9f8ae887.exe
Resource
win10v2004-20231222-en
General
-
Target
747e077b94ea8c32a6e14bfd9f8ae887.exe
-
Size
2.7MB
-
MD5
747e077b94ea8c32a6e14bfd9f8ae887
-
SHA1
3b1e1f4099a7a0e5a6bbef2a437de1c02b3a237b
-
SHA256
65bf3e9db02de820042e27e6a89acfb4259635e378ff48f5c266833c5f8c721a
-
SHA512
71c53749bc7d0f8cb85bbf9c8b6f87c108172e2366150b7dd1fbfdf50cec50bd236a37e135f6b45812be8ad62828a6715c63ed8fd91d443b0437697b4805965d
-
SSDEEP
49152:6bjKyKQgaKnkbo8nvW3nM40rWTe7gMtGfzb0VMF2Ua4d3IpLfrpiuwCXf:gjytkb/n+3buWStGfidUaiMLDpJXf
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2652 747e077b94ea8c32a6e14bfd9f8ae887.exe -
Executes dropped EXE 1 IoCs
pid Process 2652 747e077b94ea8c32a6e14bfd9f8ae887.exe -
Loads dropped DLL 1 IoCs
pid Process 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe -
resource yara_rule behavioral1/memory/1940-1-0x0000000000400000-0x00000000008EF000-memory.dmp upx behavioral1/files/0x000b000000012234-10.dat upx behavioral1/files/0x000b000000012234-13.dat upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe 2652 747e077b94ea8c32a6e14bfd9f8ae887.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1940 wrote to memory of 2652 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe 28 PID 1940 wrote to memory of 2652 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe 28 PID 1940 wrote to memory of 2652 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe 28 PID 1940 wrote to memory of 2652 1940 747e077b94ea8c32a6e14bfd9f8ae887.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe"C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1940 -
C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exeC:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2652
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
151KB
MD54ecceeb82c7bb0fdad347a46f61cb566
SHA165b63a9ee63d007c7492aab88c1cb2551345fe69
SHA2568a5cf19c977890456c3450427381f4092a068b75bf88142bb4ad23e1c1edfdfc
SHA512d6cf63d15c3bd5681cfd8a60c73e429afc0e5ea374a3b4af169af5a11da6d0519d14529f3ed53eaf074a90a762a3beb1cb7ca579c12f24da49b099b7dd42044a
-
Filesize
125KB
MD562234895aa09b2b54eb45746d9dc7525
SHA1eea0fc57bea11903f355fbf02654665f3c819b2c
SHA25695a6bfa4a9b9a4969a1aecf08f9e96425cd85b2a1d43cf654280fce8f279baec
SHA512610cf1b257d101be78c090cb387409ad124715a3cae307bcc03a44bdc7c0843bdeb366adf821fd943311838c3e0caa3cd8c8c92143c417a1bf2b90c88408a658