Analysis
- max time kernel: 120s
- max time network: 131s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01/02/2024, 17:12
Behavioral tasks
- behavioral1: sample 8770301c32d8a0ea33c2a662ccfd4219.exe, resource win7-20231215-en
- behavioral2: sample 8770301c32d8a0ea33c2a662ccfd4219.exe, resource win10v2004-20231215-en
General
- Target: 8770301c32d8a0ea33c2a662ccfd4219.exe
- Size: 1.3MB
- MD5: 8770301c32d8a0ea33c2a662ccfd4219
- SHA1: c08572dd9a5aa9de294e375c8c379da346fa1bc2
- SHA256: a854400af11dd16232301e5c27fe74ccb795854087b681161858a30d6e1920d4
- SHA512: fc423f6105cbe9964aa4b4af5d42d738a61079d48054bef65c292bb311ed9af70a0ae7e4ded51dbdea9e6106a885f5344e1b71d12038321e25fddd522b2673b4
- SSDEEP: 24576:XxHBrhWoejJmKSnXFG60Avfe5mi6WaSi62duC8Qw1riKQYGQb+vG:BHBrOmKSnVxtfeci6ZufPriKQJ6
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2112, process 8770301c32d8a0ea33c2a662ccfd4219.exe
- Executes dropped EXE (1 IoC)
  pid 2112, process 8770301c32d8a0ea33c2a662ccfd4219.exe
- Loads dropped DLL (1 IoC)
  pid 2188, process 8770301c32d8a0ea33c2a662ccfd4219.exe
- yara_rule upx matches (resource)
  behavioral1/memory/2188-0-0x0000000000400000-0x000000000086A000-memory.dmp (upx)
  behavioral1/files/0x000a000000012268-16.dat (upx)
  behavioral1/memory/2112-17-0x0000000000400000-0x000000000086A000-memory.dmp (upx)
  behavioral1/files/0x000a000000012268-13.dat (upx)
  behavioral1/files/0x000a000000012268-11.dat (upx)
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2188, process 8770301c32d8a0ea33c2a662ccfd4219.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2188, process 8770301c32d8a0ea33c2a662ccfd4219.exe
  pid 2112, process 8770301c32d8a0ea33c2a662ccfd4219.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2188 wrote to memory of 2112; pid 2188; process 8770301c32d8a0ea33c2a662ccfd4219.exe; procid_target 28
  description: PID 2188 wrote to memory of 2112; pid 2188; process 8770301c32d8a0ea33c2a662ccfd4219.exe; procid_target 28
  description: PID 2188 wrote to memory of 2112; pid 2188; process 8770301c32d8a0ea33c2a662ccfd4219.exe; procid_target 28
  description: PID 2188 wrote to memory of 2112; pid 2188; process 8770301c32d8a0ea33c2a662ccfd4219.exe; procid_target 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe (PID 2188)
   command line: "C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe (PID 2112, child of PID 2188)
      command line: C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 679KB
  MD5: 5a7641340552303a02ef07a3f55388d6
  SHA1: bacc7a32616e836b12b98382cf4a10ae9134c6f9
  SHA256: 7ee809ed23673d9593e8e03afdf8f2560d56e331963c51f8c953a1e83b3ebbdb
  SHA512: ca6ca549ec49fbc683d32c80c9249813c03437667927750ce5d603f897a084d49ba04d3d3da5fd9fea06ca5d2be0afeb4e30d75623433829a522bc98ae9e456f
- Filesize: 673KB
  MD5: 45e8473860ea4a687f262996ece820d1
  SHA1: bf52c7ae5f0baf36601601a511406c287ff4373a
  SHA256: 0e6265c7906cad6d58d09bebc5858c0fa307cd4bdf52498e6444245c3fafa4ba
  SHA512: bcb4536dba04a270d9d8624e8205555ebce28eca88ad949b857e8bb2dbbe931d32a8d8aeca63e692b817bb20c213fc01f74d338b5bd21b0f287be341dff6a6cd
- Filesize: 978KB
  MD5: b66795c7f82410c70486a50556751436
  SHA1: 985ed0d80981297c5d837048b319716175633ec7
  SHA256: 61c76a22dad97956c5794fa58009ec6247d34dd476d84f89c5688007bebaea77
  SHA512: 282d6c3135ec6d74754b683e9e07dd3db95b716225d38ca6b9203f2ceceb6d49e087071f3134f1517ca57224cd95db2a1503006b4f6dccf89caf7176f1564065