Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
27/01/2024, 04:30
Behavioral task
behavioral1
Sample
794851c931a595c4b038040d100c0627.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
794851c931a595c4b038040d100c0627.exe
Resource
win10v2004-20231215-en
General
-
Target
794851c931a595c4b038040d100c0627.exe
-
Size
1.5MB
-
MD5
794851c931a595c4b038040d100c0627
-
SHA1
9b41adde021664a8b20968710aea10f4e40eed13
-
SHA256
9da8b382fe7e49ead631fa4ac436947b68f4b4d948fd267456e87a62f1fe53aa
-
SHA512
229dcbb0420768a25725bd6e8b30c4c1ff0d27fbbbd230a2310770f309712c43191ec58e594fbfd5f9cf159e58309df01db4bcb6a5eac84b4ce6182b0653f4d8
-
SSDEEP
24576:3Xa7DtdoAK7hyBLTeuX9/ILsQVlzIt/fDyG/Yv4sIgA4BWxHxF7fW:na3tOz7MBLT0tl0tzxwvVIgkHHf
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2224 794851c931a595c4b038040d100c0627.exe -
Executes dropped EXE 1 IoCs
pid Process 2224 794851c931a595c4b038040d100c0627.exe -
Loads dropped DLL 1 IoCs
pid Process 2512 794851c931a595c4b038040d100c0627.exe -
resource yara_rule behavioral1/memory/2512-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx behavioral1/files/0x0008000000012254-10.dat upx behavioral1/files/0x0008000000012254-12.dat upx behavioral1/files/0x0008000000012254-14.dat upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2512 794851c931a595c4b038040d100c0627.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2512 794851c931a595c4b038040d100c0627.exe 2224 794851c931a595c4b038040d100c0627.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2512 wrote to memory of 2224 2512 794851c931a595c4b038040d100c0627.exe 28 PID 2512 wrote to memory of 2224 2512 794851c931a595c4b038040d100c0627.exe 28 PID 2512 wrote to memory of 2224 2512 794851c931a595c4b038040d100c0627.exe 28 PID 2512 wrote to memory of 2224 2512 794851c931a595c4b038040d100c0627.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe"C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exeC:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2224
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD5606c2858bd50b2ffc58d65d0054b0eaf
SHA15c49edcf1c635ce162f1bc830cfb4f5f7ecd1fad
SHA2560d2050659e9ee388dbf4ef47f1031811ff2442fdeb726e6e7421a37923a98631
SHA5129d52bb5b595e877fe9a2e813ab4fd72e34d62b73ec78469df729bb31bf6cb379524dd3f556215030fad3cda7c87ced63c9f1c824878a6c8c917ccc5a09f7da7f
-
Filesize
192KB
MD51aece79e55369dbfefd6a0f092f0ec56
SHA1a7addc4f185a66d2a0bc7461cf975ac0a29c0419
SHA25630479011ec0c93d9352b7ec84ded3c4c8348e426b173aa8a79804790b6b64a0b
SHA512f39822150b9908bfa456ec1af045d3c16d1ea3d02e44a930d983c85dd00c54e945fa66057bac31f78f88a619422ce848716074db1db24372798e760a2b55d38d