Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 01/02/2024, 23:38
Behavioral task: behavioral1
- Sample: 87f6f5ab879c7e22325ca49906021d8e.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 87f6f5ab879c7e22325ca49906021d8e.exe
- Resource: win10v2004-20231215-en
General
- Target: 87f6f5ab879c7e22325ca49906021d8e.exe
- Size: 1.5MB
- MD5: 87f6f5ab879c7e22325ca49906021d8e
- SHA1: 60f5729d9ea64f5ee1661bfd23f0655076355692
- SHA256: 7c16ae285279204748a77384b5cd59af0eb7c18f41196455325feba61726f304
- SHA512: 260ad0b2a132e0be97917e11a7b5a266ad33b24aae5c9630aa22e00d4c3512d16ccef60a085e1b3b15b9cbbf2437083545513a341d5993e9d3816f24d40fc276
- SSDEEP: 24576:7aYuH1ZryqvJq5ane4J5nTJ37uVwGNIuvHKf+08SF9XcBQYzKIioVLf26W:mYuH/ryqvfne4J51uTN10+01YGbWLl
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  1692  87f6f5ab879c7e22325ca49906021d8e.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  1692  87f6f5ab879c7e22325ca49906021d8e.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  2332  87f6f5ab879c7e22325ca49906021d8e.exe
- resource / yara_rule matches
  resource                                                                   yara_rule
  behavioral1/memory/2332-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x00090000000142c4-15.dat                                upx
  behavioral1/files/0x00090000000142c4-10.dat                                upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2332  87f6f5ab879c7e22325ca49906021d8e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2332  87f6f5ab879c7e22325ca49906021d8e.exe
  1692  87f6f5ab879c7e22325ca49906021d8e.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                procid_target
  PID 2332 wrote to memory of 1692  2332  87f6f5ab879c7e22325ca49906021d8e.exe  28
  PID 2332 wrote to memory of 1692  2332  87f6f5ab879c7e22325ca49906021d8e.exe  28
  PID 2332 wrote to memory of 1692  2332  87f6f5ab879c7e22325ca49906021d8e.exe  28
  PID 2332 wrote to memory of 1692  2332  87f6f5ab879c7e22325ca49906021d8e.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe"
  PID: 2332
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
    PID: 1692
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 286KB
  MD5: 25ec3a0a33b793cbc6e08e77999a45a3
  SHA1: 75f7a61e612839d5f453e1b71f537115f8c8e7a8
  SHA256: 3d17f8b227085e0c713857cf9b1dcc6db6f1d3165c47f2d2659ff769dca1aade
  SHA512: 3e2dd81163156801cc920bfcc7e62debf1a3f0dbae0cbd6ff7f98460fa77f5199d95624dd2e8af2f580dc868390576e1412073b49aef21581e84c48437064990
- Filesize: 417KB
  MD5: 65bbfd97b143d85d924fd6ceec79e313
  SHA1: d20a1a39c74256ff302d58358326e39a1bd5141f
  SHA256: 6bb0cbc98c4ca06cac4572115e808fc930d78300b2c73bbc1dbe82a3d260042f
  SHA512: 37474848e514d054198d69b20bc85f2849e4850ebf2dbe3df64f6d11c7c50473f9016ed84996c639a123143ec0827b592c948060336ad8b898d0f0476af29b9f