Analysis
max time kernel: 117s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/01/2024, 16:33
Static task
static1
Behavioral task
behavioral1
Sample: 05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe
Resource: win7-20231215-en
Behavioral task
behavioral2
Sample: 05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe
Resource: win10v2004-20231215-en
General
Target: 05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe
Size: 8.5MB
MD5: 36f483ebb13c2e7bea84e97e117062f4
SHA1: 3f782b2398848dfdf63c7230b9b96d47c4268a97
SHA256: 05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17
SHA512: 07c1527f27c0bcc68e94f8c1113411ebf1cb0a41020554a7417082ff22d086431c7a21b88ed437efd61aff29cc40ab56e402f0833542ed296c57815a32f2bf0e
SSDEEP: 196608:CmmtcGjKom4Xhtblbr1S//m1In+V6FDHiwKCeysU:Pmtdl1bRuoIv7iRU
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid: 2588, Process: BLCC5_3_23.exe
- Loads dropped DLL (1 IoCs)
  pid: 2032, Process: 05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2032 wrote to memory of 2588, pid: 2032, Process: 05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe, procid_target: 28 (this row appears 7 times)
Processes
"C:\Users\Admin\AppData\Local\Temp\05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe" (PID: 2032)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
C:\Users\Admin\AppData\Local\Temp\I1706200434\Windows\BLCC5_3_23.exe (PID: 2588, child of PID 2032)
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads