Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29/01/2024, 03:33
Static task: static1
Behavioral task: behavioral1
Sample: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Resource: win10v2004-20231215-en
General
Target: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Size: 82KB
MD5: 7ec6dc9a4a6c820bffd4e93985c6adc6
SHA1: eb2410d2b05a0a94cdc20801f418b203ccdff37f
SHA256: d57f282c446872bb698dc88639f38b7681290b958344d958fbd21e2e8401e402
SHA512: 6dbaf11d827e8938dd464a9419c8f3b372fa6221d64d631cde16b778838d004d85ea5d2e24eb8ac7297289794243d67f38bab6b228077bf628d480394feab5cd
SSDEEP: 1536:lbd81JKSE4DaZ6Wb+68aDHg8vse8SktNJmBrwIGA5uh:lbuDaII+6Tz8S0UrwIP2
Malware Config
Signatures
Deletes itself (1 IoCs)
pid 2056: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Executes dropped EXE (1 IoCs)
pid 2056: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Loads dropped DLL (1 IoCs)
pid 2800: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Suspicious behavior: RenamesItself (1 IoCs)
pid 2800: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid 2800: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
pid 2056: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2800 wrote to memory of 2056 | pid 2800 | process: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe | procid_target: 17
description: PID 2800 wrote to memory of 2056 | pid 2800 | process: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe | procid_target: 17
description: PID 2800 wrote to memory of 2056 | pid 2800 | process: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe | procid_target: 17
description: PID 2800 wrote to memory of 2056 | pid 2800 | process: 7ec6dc9a4a6c820bffd4e93985c6adc6.exe | procid_target: 17
Processes
1. C:\Users\Admin\AppData\Local\Temp\7ec6dc9a4a6c820bffd4e93985c6adc6.exe (PID 2800)
   Command line: "C:\Users\Admin\AppData\Local\Temp\7ec6dc9a4a6c820bffd4e93985c6adc6.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\7ec6dc9a4a6c820bffd4e93985c6adc6.exe (PID 2056, child of 2800)
      Command line: C:\Users\Admin\AppData\Local\Temp\7ec6dc9a4a6c820bffd4e93985c6adc6.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: dad1c72899bc9fed7ef9d85675afb047
SHA1: e435ad54ec3b4edca76d916920676696ea79fe3b
SHA256: 413cee409e5825152532500f8e7a266490c951d2eaae9af923d2f294f235ea7c
SHA512: bafb0d832f09e9b1b1308b68f343767666ef3e31178086819cc508243558e3e8fc09d5bd47eb2ba64abff46839552ddec572da297ebc4c18c497e0485b932333