Analysis
- max time kernel: 122s
- max time network: 136s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 27/01/2024, 19:24
Static task: static1
Behavioral task: behavioral1
- Sample: 7b12d55f8d915767b4705c19217391bf.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 7b12d55f8d915767b4705c19217391bf.exe
- Resource: win10v2004-20231215-en
General
- Target: 7b12d55f8d915767b4705c19217391bf.exe
- Size: 80KB
- MD5: 7b12d55f8d915767b4705c19217391bf
- SHA1: c193ba3eeb8f68740ececf9ab173e8a0fa8fb3c9
- SHA256: ec517a971500245dd32fedadb52fab8019f314ec95bb6b954382e99e927b8361
- SHA512: cb4c422218bbb8f474d89d850bee76729c1fd7e3a63ee733a903b854ac27cc6860630c1cff6d607dd8c715423e17e7e33d0c31fec0f5f8e32594d33063e41665
- SSDEEP: 1536:/rq+QnUkvADmIqqlwdrI0ec6XWjAbi6D7+zvhsA++V1a1kEJ9:BehvZ5uwVI0ecqW5zvhHO1JD
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid   Process
  3008  temp.exe
  2936  temp2.exe
- Loads dropped DLL (4 IoCs)
  pid   Process
  2740  7b12d55f8d915767b4705c19217391bf.exe  (4 identical rows; the DLL paths are not listed in this report)
- Drops file in System32 directory (1 IoC)
  description                   ioc                              Process
  File opened for modification  C:\Windows\SysWOW64\aplib.dll    temp2.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  2936  temp2.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process                                procid_target
  PID 2740 wrote to memory of 3008  2740  7b12d55f8d915767b4705c19217391bf.exe  27  (4 identical rows)
  PID 2740 wrote to memory of 2936  2740  7b12d55f8d915767b4705c19217391bf.exe  28  (4 identical rows)
Processes
- C:\Users\Admin\AppData\Local\Temp\7b12d55f8d915767b4705c19217391bf.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7b12d55f8d915767b4705c19217391bf.exe"
  PID: 2740
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\temp.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\temp.exe"
    PID: 3008
    - Executes dropped EXE
  - C:\Users\Admin\AppData\Local\Temp\temp2.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\temp2.exe"
    PID: 2936
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 9KB
  MD5: ccf41b129bb48359adc377adccbf3ce5
  SHA1: 7aad76c412578718810c8d65d641708b27bdc180
  SHA256: 641f6b1c97978514a0edaef92d3bd893e1a94ede633b4d3167412fc046271516
  SHA512: 514248f6010ac482fc7fd6a399aab8b4469c099ef0407d77641448ad16d08b881617ba80f553adb0b9d1d1d061faa80e0d78e1ea85755c3d8314c65662448c3f
- Filesize: 28KB
  MD5: 02212ea4a2e2a5fff68c8b6df1fe7d71
  SHA1: e5ae35758b103e9ede7f9e4fd276b4f793a9cc1b
  SHA256: d140c17117878646fdee80c016e5af89d3eec5330b53674041a2bbe73c8db9cf
  SHA512: eb66cc1abf1da77ee61609c5d29aca65a51a422f19bdf9abf935e1646ade82dcd24cbe659cf57692110fc90b6feb8ea29dad75109e7604b06e36f43469c42464