Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 02/02/2024, 03:50
Behavioral task: behavioral1
- Sample: 8879fdbfc9bc619b562119dcd86523d7.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 8879fdbfc9bc619b562119dcd86523d7.exe
- Resource: win10v2004-20231215-en
General
- Target: 8879fdbfc9bc619b562119dcd86523d7.exe
- Size: 5.8MB
- MD5: 8879fdbfc9bc619b562119dcd86523d7
- SHA1: 9b2aa75c5d66446dc686ca4604cdc05429001f34
- SHA256: 88a4c2abc81f7556f21736b7c96ce8001985774d804d699fc20f1231052b52d1
- SHA512: 5878b53b034e56dab40825bc4286a817501a19c25995bea4b2768397bdb70edb4b39e1d22087561ddf81fda6f48b76ff20aa241d839ead90a97dd96cb7bd33d2
- SSDEEP: 98304:7X/LYYZ8oONHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:o6Opauq1jI86FA7y2auq1jI86
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid | Process
  2392 | 8879fdbfc9bc619b562119dcd86523d7.exe
- Executes dropped EXE (1 IoC)
  pid | Process
  2392 | 8879fdbfc9bc619b562119dcd86523d7.exe
- Loads dropped DLL (1 IoC)
  pid | Process
  1716 | 8879fdbfc9bc619b562119dcd86523d7.exe
- resource | yara_rule
  behavioral1/memory/1716-1-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  behavioral1/files/0x000b00000001224e-10.dat | upx
  behavioral1/files/0x000b00000001224e-13.dat | upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid | Process
  1716 | 8879fdbfc9bc619b562119dcd86523d7.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  1716 | 8879fdbfc9bc619b562119dcd86523d7.exe
  2392 | 8879fdbfc9bc619b562119dcd86523d7.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1716 wrote to memory of 2392 | 1716 | 8879fdbfc9bc619b562119dcd86523d7.exe | 28
  PID 1716 wrote to memory of 2392 | 1716 | 8879fdbfc9bc619b562119dcd86523d7.exe | 28
  PID 1716 wrote to memory of 2392 | 1716 | 8879fdbfc9bc619b562119dcd86523d7.exe | 28
  PID 1716 wrote to memory of 2392 | 1716 | 8879fdbfc9bc619b562119dcd86523d7.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe"
  PID: 1716
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe
    PID: 2392
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.1MB
  MD5: 86207e95ccf018b55571819afa70c9b0
  SHA1: 9b067dc7e6ba39861c8542ef5e5a4d331ff9f4aa
  SHA256: 996b267978bafaecdc44cdff94abff4f2c93c976bd58cc4248b6dede71880754
  SHA512: 5012ba8e0a068241b627c9a7b56c1f35f63e9e55b916173ff95ea9d8197765a0dafe15b12035210112dbc0a90b65309167266abbf6769e8e30f25f780692be37
- Filesize: 1.4MB
  MD5: a3437bcbdc3efb50e06ae7ca3a772ae4
  SHA1: 8d2c2c972551e053bb63dd0819282adf132bccef
  SHA256: d01c4f0575ec688448bb24cebaeca0b7f106937903bac66b94f65d1977d35d7b
  SHA512: 9fdd860e769362a37b0c944b114bf58a8ab591a2d793bd994b8e0b566d1960cb16cb7f1c276c090c8247e665187a7acaac61001a4257f9769d8b70c84da2149c