Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 03/02/2024, 01:30
Static task: static1
Behavioral task: behavioral1
  Sample: 8b0a6485dadb1894875b00c8010e0550.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 8b0a6485dadb1894875b00c8010e0550.exe
  Resource: win10v2004-20231215-en
General
Target: 8b0a6485dadb1894875b00c8010e0550.exe
Size: 92KB
MD5: 8b0a6485dadb1894875b00c8010e0550
SHA1: e7db2a3c1323fbac1540a8ca45a56df0931d24ab
SHA256: 531a784de4255cc3567f49bb90bfee737f793bd3e35d1b00ea9cea49e2b7adb6
SHA512: dfdf82b481fc5407a8d7524a00c7e9a8cbce854163cf7fb98240f851d161bc121ac4af88efcadfe0ca1129524b25070eb1355bfc9b3f988ba26e904880c187d0
SSDEEP: 1536:YfsRrCqzTIg692VvSWfn2aMnlr2Z2Z7YGK/+GN:YfsRJR69WvVfn2a8lw0KBN
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  1208  1.exe-crypted.exe.ucc.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2060  8b0a6485dadb1894875b00c8010e0550.exe
  2060  8b0a6485dadb1894875b00c8010e0550.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1208  1.exe-crypted.exe.ucc.exe
  1208  1.exe-crypted.exe.ucc.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  2060  8b0a6485dadb1894875b00c8010e0550.exe
- Suspicious use of WriteProcessMemory (10 IoCs)
  description                        pid   Process                               procid_target
  PID 2060 wrote to memory of 1208   2060  8b0a6485dadb1894875b00c8010e0550.exe  28
  PID 2060 wrote to memory of 1208   2060  8b0a6485dadb1894875b00c8010e0550.exe  28
  PID 2060 wrote to memory of 1208   2060  8b0a6485dadb1894875b00c8010e0550.exe  28
  PID 2060 wrote to memory of 1208   2060  8b0a6485dadb1894875b00c8010e0550.exe  28
  PID 1208 wrote to memory of 1076   1208  1.exe-crypted.exe.ucc.exe             14
  PID 1208 wrote to memory of 1076   1208  1.exe-crypted.exe.ucc.exe             14
  PID 1208 wrote to memory of 1076   1208  1.exe-crypted.exe.ucc.exe             14
  PID 1208 wrote to memory of 1076   1208  1.exe-crypted.exe.ucc.exe             14
  PID 1208 wrote to memory of 1076   1208  1.exe-crypted.exe.ucc.exe             14
  PID 1208 wrote to memory of 1076   1208  1.exe-crypted.exe.ucc.exe             14
Processes
1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 1076
   2. C:\Users\Admin\AppData\Local\Temp\8b0a6485dadb1894875b00c8010e0550.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\8b0a6485dadb1894875b00c8010e0550.exe"
      - Loads dropped DLL
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      PID: 2060
      3. C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe
         Command line: C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe
         - Executes dropped EXE
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory
         PID: 1208
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 28KB
MD5: 781b2b39db867ac8f2d3fb186b2f092b
SHA1: 5e6f963bcf788e6301ace9a639d59c3091f05a6c
SHA256: ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c
SHA512: c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73