Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis

max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 01/02/2024, 10:45
Behavioral task: behavioral1
Sample: 86b1aeb8274105ab2ada325f23857d32.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 86b1aeb8274105ab2ada325f23857d32.exe
Resource: win10v2004-20231222-en
General

Target: 86b1aeb8274105ab2ada325f23857d32.exe
Size: 1.3MB
MD5: 86b1aeb8274105ab2ada325f23857d32
SHA1: 15f1d9731e894055a7c833e6566d6aab11a83761
SHA256: 106d44053f992d84c548e2641826c458434f70b8a0810e1405f2c693bb9c6985
SHA512: 1623538854f9a51eca11383c518933ebec05b29d8276aa7a522ee9616cbd6d073fc3bb47e4c1f075bcfcf8933560c7dd5c1155e11641ddeeb268445042e454c8
SSDEEP: 24576:scf6odiivL2iXtiUZDS3uPB7NFqEmq0Zojs0tosoRGUfBlkMYNs5mzx7U9/9Us:hTvqiXUUoePhNh5tAGUkMYUm14R9j
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid 3048  process 86b1aeb8274105ab2ada325f23857d32.exe

Executes dropped EXE (1 IoCs)
  pid 3048  process 86b1aeb8274105ab2ada325f23857d32.exe

Loads dropped DLL (1 IoCs)
  pid 2552  process 86b1aeb8274105ab2ada325f23857d32.exe

yara_rule matches (resource / yara_rule)
  behavioral1/memory/2552-0-0x0000000000400000-0x00000000008E7000-memory.dmp  upx
  behavioral1/files/0x0009000000015c71-13.dat  upx
  behavioral1/files/0x0009000000015c71-10.dat  upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid 2552  process 86b1aeb8274105ab2ada325f23857d32.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 2552  process 86b1aeb8274105ab2ada325f23857d32.exe
  pid 3048  process 86b1aeb8274105ab2ada325f23857d32.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   process                               procid_target
  PID 2552 wrote to memory of 3048  2552  86b1aeb8274105ab2ada325f23857d32.exe  28
  PID 2552 wrote to memory of 3048  2552  86b1aeb8274105ab2ada325f23857d32.exe  28
  PID 2552 wrote to memory of 3048  2552  86b1aeb8274105ab2ada325f23857d32.exe  28
  PID 2552 wrote to memory of 3048  2552  86b1aeb8274105ab2ada325f23857d32.exe  28
Processes

Level 1: C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 2552

  Level 2: C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe
    command line: C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 3048
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 693KB
MD5: c327630bce13ee02db915d2646a93753
SHA1: 0862a87523d9eac315877e9710c47f0c0ca4b5f2
SHA256: c0d019ec1af2908d7fb9ff1d4cbc92aefa98b838595db464bd5f744ceb4da79f
SHA512: 3ddeeb82ca44d781098d09246dbfc3243e4575096f6a44b1d34eeb25aa643c716c91ce9c602042dbb344a1088b83936e63d77808d416bf6d5c579fe14d37ac26

Filesize: 849KB
MD5: 6f34d6b0a0a11f77ca9c8c46c6a69ff9
SHA1: 73cc9b2a6cf84a7b2e02ae3b919dcd13aade4493
SHA256: d06f7904f45970c655c24fb4fe203a0c2f7096fac4a7b102885cae39e59d9bda
SHA512: fb3da6f7a3560c511e8a3c6e99108a4c3edae933d9d95d42672eea6abedcfdb97eae1660e27251f78678fba8bef79e6ce1e61d3e0ac470987c4b6e7714921a5c