Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 03/02/2024, 19:46
Behavioral task: behavioral1
Sample: 8d308d3895fc99a562209b4f2c934bdb.exe
Resource: win7-20231215-en
General
Target: 8d308d3895fc99a562209b4f2c934bdb.exe
Size: 2.9MB
MD5: 8d308d3895fc99a562209b4f2c934bdb
SHA1: 5cd3937880b0f6b5e14db40426e42e13d18775a8
SHA256: aba8495d4cbe3246d63612ac684df11435024ebf6c7e9047a615673bce6a918a
SHA512: cca38743909c5c26ae213d0b77e889c42da0220b011eb63b8c166f94c44acad928e6af8e663c4fd933c1ef4dc96f05f1991c6108ef5bfade238f7a44719472fb
SSDEEP: 49152:198meMin3EsR0QlXXPN74NH5HUyNRcUsCVOzetdZJ:Lo3dRZXP4HBUCczzM3
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2448, Process 8d308d3895fc99a562209b4f2c934bdb.exe
- Executes dropped EXE (1 IoCs)
  pid 2448, Process 8d308d3895fc99a562209b4f2c934bdb.exe
- Loads dropped DLL (1 IoCs)
  pid 1752, Process 8d308d3895fc99a562209b4f2c934bdb.exe
- resource / yara_rule matches
  behavioral1/memory/1752-0-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
  behavioral1/files/0x000b00000001225b-10.dat: upx
  behavioral1/memory/2448-16-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 1752, Process 8d308d3895fc99a562209b4f2c934bdb.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1752, Process 8d308d3895fc99a562209b4f2c934bdb.exe
  pid 2448, Process 8d308d3895fc99a562209b4f2c934bdb.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1752 wrote to memory of 2448 | 1752 | 8d308d3895fc99a562209b4f2c934bdb.exe | 28
  PID 1752 wrote to memory of 2448 | 1752 | 8d308d3895fc99a562209b4f2c934bdb.exe | 28
  PID 1752 wrote to memory of 2448 | 1752 | 8d308d3895fc99a562209b4f2c934bdb.exe | 28
  PID 1752 wrote to memory of 2448 | 1752 | 8d308d3895fc99a562209b4f2c934bdb.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\8d308d3895fc99a562209b4f2c934bdb.exe
   "C:\Users\Admin\AppData\Local\Temp\8d308d3895fc99a562209b4f2c934bdb.exe"
   PID: 1752
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8d308d3895fc99a562209b4f2c934bdb.exe (child of PID 1752)
      C:\Users\Admin\AppData\Local\Temp\8d308d3895fc99a562209b4f2c934bdb.exe
      PID: 2448
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.9MB
  MD5: 4baf49ed622024ca727621d9d056dfb6
  SHA1: bff37ead97ee2cc65e0718233476c7209648e861
  SHA256: 0466553bf44cf275224f6b8e1d1a3caa058468900cfa93bef37bbb4360587a20
  SHA512: 8b8ef32149a1d1e9abb9c6eb5bd39bd01cc1f17a7fa275dfc70013d9ee47f08e642b0e4c2ef8b9afded8306c44409021c7cb0d925c4b4823f6522ff134130e23