Analysis
max time kernel: 117s
max time network: 129s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 03/02/2024, 10:25
Behavioral task: behavioral1
Sample: 8c18208998ce44c0b1bc34ca41af7e2a.exe
Resource: win7-20231215-en
General
Target: 8c18208998ce44c0b1bc34ca41af7e2a.exe
Size: 5.8MB
MD5: 8c18208998ce44c0b1bc34ca41af7e2a
SHA1: 36bf8fb200a7a5d2e3f68a1e38ee3370357d670d
SHA256: 9204d231692037fe3cf3ce5694569cad170d46514b8102b36ed5657cb8c0cc4b
SHA512: c9e843950e92ccb71f385e7c93048d610a8bba3390635d01775f8d362ee7244f9d4164894221c02b4a32af29145a2cb7fe372e005bbd5c6fcccf98f02cd771fc
SSDEEP: 98304:pKvkW/bRTKTuwVgg3gnl/IVUs1jePsgzOSgz9Mj4jhSHaHgg3gnl/IVUs1jePs:AsW/bRTmuwjgl/iBiPK5rjgalgl/iBiP
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 1536  8c18208998ce44c0b1bc34ca41af7e2a.exe

Executes dropped EXE (1 IoC)
  pid 1536  8c18208998ce44c0b1bc34ca41af7e2a.exe

Loads dropped DLL (1 IoC)
  pid 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe

UPX packed file (yara_rule: upx)
  behavioral1/memory/3000-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000a000000012232-10.dat
  behavioral1/files/0x000a000000012232-15.dat
  behavioral1/memory/1536-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Suspicious behavior: RenamesItself (1 IoC)
  pid 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe
  pid 1536  8c18208998ce44c0b1bc34ca41af7e2a.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   process                                 procid_target
  PID 3000 wrote to memory of 1536 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe    28
  PID 3000 wrote to memory of 1536 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe    28
  PID 3000 wrote to memory of 1536 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe    28
  PID 3000 wrote to memory of 1536 3000  8c18208998ce44c0b1bc34ca41af7e2a.exe    28
Processes
1. C:\Users\Admin\AppData\Local\Temp\8c18208998ce44c0b1bc34ca41af7e2a.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\8c18208998ce44c0b1bc34ca41af7e2a.exe"
   PID: 3000
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8c18208998ce44c0b1bc34ca41af7e2a.exe (child of PID 3000)
      command line: C:\Users\Admin\AppData\Local\Temp\8c18208998ce44c0b1bc34ca41af7e2a.exe
      PID: 1536
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
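The process tree and signature rows above describe a self-replacement pattern: the parent (PID 3000) renames its own image, drops a copy at the original path, spawns it, and writes into that child (PID 1536), which then runs as a "dropped EXE" and deletes itself; both processes map a UPX-flagged image of identical size (0x400000-0x8EF000). The script below is an added example, not tria.ge code and not part of the original report: it re-parses the report's own WriteProcessMemory rows, per-process signature list and yara_rule hits (retyped inline as constructed input) and flags parent/child pairs that match that pattern. The signature names and the "same packed image size" heuristic are assumptions chosen for this example.

```python
import re
from collections import defaultdict

# Constructed input: the report's "Suspicious use of WriteProcessMemory" rows,
# one event per line ("PID <writer> wrote to memory of <target> <writer> <image> <seq>").
WPM_EVENTS = """\
PID 3000 wrote to memory of 1536 3000 8c18208998ce44c0b1bc34ca41af7e2a.exe 28
PID 3000 wrote to memory of 1536 3000 8c18208998ce44c0b1bc34ca41af7e2a.exe 28
PID 3000 wrote to memory of 1536 3000 8c18208998ce44c0b1bc34ca41af7e2a.exe 28
PID 3000 wrote to memory of 1536 3000 8c18208998ce44c0b1bc34ca41af7e2a.exe 28
"""

# Constructed input: the per-process signature list from the report's process tree.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\8c18208998ce44c0b1bc34ca41af7e2a.exe"
PROCESSES = {
    3000: {"path": SAMPLE_PATH, "parent": None,
           "sigs": {"Loads dropped DLL", "Suspicious behavior: RenamesItself",
                    "Suspicious use of UnmapMainImage",
                    "Suspicious use of WriteProcessMemory"}},
    1536: {"path": SAMPLE_PATH, "parent": 3000,
           "sigs": {"Deletes itself", "Executes dropped EXE",
                    "Suspicious use of UnmapMainImage"}},
}

# Constructed input: the yara_rule resource list, one hit per line.
YARA_HITS = """\
behavioral1/memory/3000-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral1/files/0x000a000000012232-10.dat upx
behavioral1/files/0x000a000000012232-15.dat upx
behavioral1/memory/1536-16-0x0000000000400000-0x00000000008EF000-memory.dmp upx
"""

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) ")
MEM_RE = re.compile(
    r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp (\w+)$")


def parse_wpm(text):
    """Count cross-process memory writes per (writer_pid, target_pid) pair."""
    counts = defaultdict(int)
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return dict(counts)


def parse_memory_hits(text):
    """Map pid -> (start, end, rule) for in-memory YARA hits; file hits are skipped."""
    hits = {}
    for line in text.splitlines():
        m = MEM_RE.search(line.strip())
        if m:
            hits[int(m.group(1))] = (int(m.group(2), 16), int(m.group(3), 16), m.group(4))
    return hits


def find_self_replacement(processes, wpm_counts, mem_hits):
    """Return one finding per parent/child pair where: the parent renamed itself and wrote
    into a child started from the parent's original path, the child is a dropped EXE, and
    (if both have in-memory YARA hits) both map a packed image of the same size and rule."""
    findings = []
    for pid, info in processes.items():
        parent = info["parent"]
        if parent is None or parent not in processes:
            continue
        p = processes[parent]
        same_path = p["path"].lower() == info["path"].lower()
        parent_renamed = "Suspicious behavior: RenamesItself" in p["sigs"]
        child_dropped = "Executes dropped EXE" in info["sigs"]
        writes = wpm_counts.get((parent, pid), 0)
        if not (same_path and parent_renamed and child_dropped and writes):
            continue
        same_packed_image = False
        if parent in mem_hits and pid in mem_hits:
            ps, pe, prule = mem_hits[parent]
            cs, ce, crule = mem_hits[pid]
            same_packed_image = (pe - ps) == (ce - cs) and prule == crule
        findings.append({
            "parent": parent,
            "child": pid,
            "path": info["path"],
            "writes": writes,
            "child_deletes_itself": "Deletes itself" in info["sigs"],
            "same_packed_image": same_packed_image,
        })
    return findings


if __name__ == "__main__":
    for f in find_self_replacement(PROCESSES, parse_wpm(WPM_EVENTS),
                                   parse_memory_hits(YARA_HITS)):
        print(f)
```

The heuristic is deliberately narrow: it only fires when the child runs from the exact path the parent started at, so a loader that drops its payload under a new name is not matched. The "same packed image" flag is evidence that the dropped file is a copy of the same UPX-packed binary, not proof; confirm by hashing the dropped .dat files against the original sample.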
Network
MITRE ATT&CK Matrix
Downloads
1. Filesize: 3.8MB
   MD5: 1d27e2c546edb23c4438deda9d8a20a4
   SHA1: e954f4304369e8cf5340dd8d1101536712c03b7d
   SHA256: 08a2a36bcb037a783d333a726955997ed271066fb30a6df9dbd7903fe4a67e42
   SHA512: ed30b168c1228b6ed790108425948f9dbbee32956c795a3046c2b3bc9213642586135017a074d5c1515744baaf0ba182fb66820367a2c62d69cb963eabbdfd8b
2. Filesize: 1.2MB
   MD5: 108c3ddf278317dbab9eb8113e16954b
   SHA1: 1bc13a494c729e8ab5a06f8998bac19567bdfd38
   SHA256: f73f9cfadc43fc6ab78d9e7c0a1be59ec17bd00510ebc10630e1e07d6600a7ae
   SHA512: 1e1ce24f69b0bd66debde8821a6b27f65ad3b121e7429fe5ab7424a413104d4b6858b85fe34279d4b148f696316a5d7674c4ea1663b348609fef45240a94ef3a