Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 03/02/2024, 14:43
Behavioral task: behavioral1
Sample: 8c97c2d1349936dcba035061d4085478.exe
Resource: win7-20231215-en
General
Target: 8c97c2d1349936dcba035061d4085478.exe
Size: 2.9MB
MD5: 8c97c2d1349936dcba035061d4085478
SHA1: bd8f34b023c3f32c0641039a784c3870d49bf370
SHA256: b02fe033d0cbfe6b377932ed3b5169213ad2a967cf2d6161e24f74584980554d
SHA512: 4e5c82d4b82c008e68ee80ffe4db12599b191e88bf97cabeaba0fd91ac0ba6882237ecb2ed4b4c829ce9eb29f58e294cb52fe3745dffa1ea1d1a7798f52f0659
SSDEEP: 49152:QTx/ilu/xcfr+vfLjSiP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:QThilu/xPHSigg3gnl/IVUs1jePs
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 2876  process 8c97c2d1349936dcba035061d4085478.exe
Executes dropped EXE (1 IoCs)
  pid 2876  process 8c97c2d1349936dcba035061d4085478.exe
Loads dropped DLL (1 IoCs)
  pid 2520  process 8c97c2d1349936dcba035061d4085478.exe
(signature name missing from the extracted page; matched yara rule: upx)
  resource                                                                    yara_rule
  behavioral1/memory/2520-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x00090000000122c9-10.dat                                 upx
  behavioral1/files/0x00090000000122c9-14.dat                                 upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid 2520  process 8c97c2d1349936dcba035061d4085478.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2520  process 8c97c2d1349936dcba035061d4085478.exe
  pid 2876  process 8c97c2d1349936dcba035061d4085478.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   process                               procid_target
  PID 2520 wrote to memory of 2876   2520  8c97c2d1349936dcba035061d4085478.exe  28
  PID 2520 wrote to memory of 2876   2520  8c97c2d1349936dcba035061d4085478.exe  28
  PID 2520 wrote to memory of 2876   2520  8c97c2d1349936dcba035061d4085478.exe  28
  PID 2520 wrote to memory of 2876   2520  8c97c2d1349936dcba035061d4085478.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\8c97c2d1349936dcba035061d4085478.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\8c97c2d1349936dcba035061d4085478.exe"
   PID: 2520
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\8c97c2d1349936dcba035061d4085478.exe
      command line: C:\Users\Admin\AppData\Local\Temp\8c97c2d1349936dcba035061d4085478.exe
      PID: 2876
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 103KB
MD5: 9170672061bfc88e6da343b99e9f5275
SHA1: 303834c61334ca8a540999ffbc16f72beeb27bdb
SHA256: e30dd25b5e7682d3837c4db7447a50e2b46cd8a72f9326f338463b9ae9a1bf12
SHA512: f8c391cbf93ca7bfd338cbd88066b408b5ad13b034c13be8084a1c1546295bb8429faa19d79a2b68c2317ab65369be39a64c86b4392870428350e20e62baeffa

Filesize: 234KB
MD5: 859a12391087485810660eb8da8f67ef
SHA1: 0b59a30e7b23cad8366ffe63249d1b0586529b6b
SHA256: 8461146d63afb397b49fe1344edd315c284cf94b0d5c865009460386ed1fa7aa
SHA512: 7bb5ef8de1b28a57c35daf72e10c4a6a961391afea7ef1935e45b5077cb6e780a5d604d8e7e0c4bc972192f9fc63b4383fba076fcaffa7ba685f2188e7f1c196