Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 128s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29/01/2024, 09:21
Behavioral task: behavioral1
Sample: 7f7847c2a5af54670396919230856fa8.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 7f7847c2a5af54670396919230856fa8.exe
Resource: win10v2004-20231215-en
General
Target: 7f7847c2a5af54670396919230856fa8.exe
Size: 1.3MB
MD5: 7f7847c2a5af54670396919230856fa8
SHA1: 541be05560a7ea71e4763ed3d1ddbd7bbf0eb02b
SHA256: 72932e331ae267612bceb96adbb18e8995ad94c45c873a88ab1913adacd3127f
SHA512: 5e5e885de14ad683dd23f2f63b00b138dee31377d8fa6d03100103eaeb5d572455aa6b497d1fbb759ee63f741ea3f2c9fc0a75aa1ce3e1276f262c6862327e0c
SSDEEP: 24576:fTV4JmvUfxGX71ph1ItUT6vwRBpdNAohJvnKQ3stzWc:fTW5fMT5/DHHnKQ8p
Malware Config

Signatures
Deletes itself (1 IoC)
  pid 2416 - 7f7847c2a5af54670396919230856fa8.exe

Executes dropped EXE (1 IoC)
  pid 2416 - 7f7847c2a5af54670396919230856fa8.exe

Loads dropped DLL (1 IoC)
  pid 3000 - 7f7847c2a5af54670396919230856fa8.exe

YARA rule hits (rule: upx)
  behavioral1/memory/3000-0-0x0000000000400000-0x00000000008EF000-memory.dmp - upx
  behavioral1/files/0x000a000000012247-14.dat - upx
  behavioral1/memory/2416-15-0x0000000000400000-0x00000000008EF000-memory.dmp - upx

Suspicious behavior: RenamesItself (1 IoC)
  pid 3000 - 7f7847c2a5af54670396919230856fa8.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 3000 - 7f7847c2a5af54670396919230856fa8.exe
  pid 2416 - 7f7847c2a5af54670396919230856fa8.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 3000 wrote to memory of 2416 - pid 3000 - 7f7847c2a5af54670396919230856fa8.exe - procid_target 28
  description: PID 3000 wrote to memory of 2416 - pid 3000 - 7f7847c2a5af54670396919230856fa8.exe - procid_target 28
  description: PID 3000 wrote to memory of 2416 - pid 3000 - 7f7847c2a5af54670396919230856fa8.exe - procid_target 28
  description: PID 3000 wrote to memory of 2416 - pid 3000 - 7f7847c2a5af54670396919230856fa8.exe - procid_target 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\7f7847c2a5af54670396919230856fa8.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\7f7847c2a5af54670396919230856fa8.exe"
   PID: 3000
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\7f7847c2a5af54670396919230856fa8.exe (child of PID 3000)
      Command line: C:\Users\Admin\AppData\Local\Temp\7f7847c2a5af54670396919230856fa8.exe
      PID: 2416
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: e19627f9565b063a0d02f37e11211c70
SHA1: 4ea2376de28733300a1dde7d8acfc656fee9fc78
SHA256: c0d4c614b14ac416fb70c46a1d9393a10709cb7bfad90c0afcb51fc25de4619c
SHA512: e2e97aba0cd710ebae4c1e535891fd81422eb9c1a4712f5735c2a4332a77b3ea54ec3f0d2a0e2beb6f3c8ec69d7588e4d1411ca59f9bcfbaa58466992c3f430d