Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/01/2024, 13:39
Behavioral task: behavioral1
- Sample: 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Resource: win10v2004-20231215-en
General
- Target: 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Size: 1.3MB
- MD5: 7ff8d1512d910ca1e655cdfa1e1859c9
- SHA1: e9ba02c0240a3a2e4284748b12a1aa160f72a6e8
- SHA256: 94d3f70c938c8e26bfcaac02d071f3fcaefebcafe614b94f7ad90c0380f0fd3c
- SHA512: 81a11fc3941b147391f86017b0d38155b8a7169fa030b301550dfa4eaf0d8f208ad0acfd8632fc53de247030e22da687f11d711b3765e7bf852601f103d1aca5
- SSDEEP: 24576:IAWa1DBt1V//7jfFLhy/iM5U28Vpqa/iLMWbhoqqTrzxX0rWO:Ixa1DBtqtnGxi/oqqTr1XSf
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2516  process 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Executes dropped EXE (1 IoCs)
  pid 2516  process 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Loads dropped DLL (1 IoCs)
  pid 1644  process 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- yara_rule matches (resource / rule)
  behavioral1/memory/1644-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000e000000012670-10.dat  upx
  behavioral1/memory/2516-17-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000e000000012670-15.dat  upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 1644  process 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1644  process 7ff8d1512d910ca1e655cdfa1e1859c9.exe
  pid 2516  process 7ff8d1512d910ca1e655cdfa1e1859c9.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / process / procid_target
  PID 1644 wrote to memory of 2516  1644  7ff8d1512d910ca1e655cdfa1e1859c9.exe  28
  PID 1644 wrote to memory of 2516  1644  7ff8d1512d910ca1e655cdfa1e1859c9.exe  28
  PID 1644 wrote to memory of 2516  1644  7ff8d1512d910ca1e655cdfa1e1859c9.exe  28
  PID 1644 wrote to memory of 2516  1644  7ff8d1512d910ca1e655cdfa1e1859c9.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 1644
   2. C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe
      command line: C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 2516
Network
MITRE ATT&CK Matrix
Downloads
- File 1
  Filesize: 720KB
  MD5: 7edd4470aab84a840b4eb4675fbb2045
  SHA1: 368ac84ae1c4a32aed46ea626f25b6ac6d7f0391
  SHA256: ecda4686b06d6ff64bc251cd23fdcb84d9583cc02b0e60108caef2b350b9fa09
  SHA512: 67119a65811cc43c4361978e13b0703dcf2870803f84b4e8f36beaf8a31227060d0cdc6b5968bf5ef928e557b94cbebf8c66b69aa0eeee9d45c6b5aaa3e54790
- File 2
  Filesize: 620KB
  MD5: aea850704f194a17a1db8f5d85ac3ab7
  SHA1: 893defe8eadcaa7709b8d6f122b7d868ee717575
  SHA256: 4dca1cab3283c0c9aa0f6f8a61dc8f00a44e6c65b618af761dc7f77bedac09fb
  SHA512: 4aaf6c7edd71af528b27b9455e0c1d10c2e1a8c5dd96b9a3e66ef523dd11c54bbecb5960ecccc49611e8ac2a2bcdb769a869e262c9537179bb4b48e000c58bdb