Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01/02/2024, 05:50
Static task: static1
Behavioral task: behavioral1
- Sample: 86193ce69eaffc900d39f6c42dd0460b.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 86193ce69eaffc900d39f6c42dd0460b.exe
- Resource: win10v2004-20231215-en
General
- Target: 86193ce69eaffc900d39f6c42dd0460b.exe
- Size: 1.9MB
- MD5: 86193ce69eaffc900d39f6c42dd0460b
- SHA1: 6442540b9de49b29bd16df80ea8745d285abb6cc
- SHA256: 0de904140098da3a4fe9786a3de8831f6ab090fadb7c5c18713c7ed55454a700
- SHA512: 9baea106dba673a9264e30a18c489106547a3b021f97d65acd438c118971af7f7f00f315da1995537f2dc771ba787e52d619c3a88965da3d73ff8b1704c6c474
- SSDEEP: 49152:Qoa1taC070dvisoD8OBXcZNHsLbeCdlXHa11vOnu4p:Qoa1taC00oQOBXcnsOCdl67OZp
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2668, Process 5DAA.tmp
- Executes dropped EXE (1 IoCs)
  pid 2668, Process 5DAA.tmp
- Loads dropped DLL (1 IoCs)
  pid 2092, Process 86193ce69eaffc900d39f6c42dd0460b.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2092 wrote to memory of 2668 (pid 2092, Process 86193ce69eaffc900d39f6c42dd0460b.exe, procid_target 28)
  PID 2092 wrote to memory of 2668 (pid 2092, Process 86193ce69eaffc900d39f6c42dd0460b.exe, procid_target 28)
  PID 2092 wrote to memory of 2668 (pid 2092, Process 86193ce69eaffc900d39f6c42dd0460b.exe, procid_target 28)
  PID 2092 wrote to memory of 2668 (pid 2092, Process 86193ce69eaffc900d39f6c42dd0460b.exe, procid_target 28)
Processes
- C:\Users\Admin\AppData\Local\Temp\86193ce69eaffc900d39f6c42dd0460b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\86193ce69eaffc900d39f6c42dd0460b.exe"
  PID: 2092
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\5DAA.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\5DAA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\86193ce69eaffc900d39f6c42dd0460b.exe 68A81AC398B22FBFA7A91C0961B7B168E61BFEC1C4A4C8253438FCB05CA7382D80DC525FE2D50C798CDB83349A7A51A6A4E1F177DC7D48854BCC179C498F29EF
    PID: 2668
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.9MB
- MD5: e440a89404e1cc69ece9935f9e9a14a1
- SHA1: cf6076c66067e01eb651a442f214aa9edf09c286
- SHA256: 1c9701cfa3592d4af0d304e194a381e562c767591b788f157d03a5e9fbe74347
- SHA512: 9248cfdb549f6addf8ecb98e705e182b4da31d7f1bf87107dd06e1e0beae5a41231f908a45958a4dcf9c99dae1f14edb6b208421646fff81148d8b05d2d9eb4c