Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 04/02/2024, 00:48
Behavioral task: behavioral1
Sample: 8dcc02da6f74a931c78ba46ea86e7d08.exe
Resource: win7-20231215-en
General
Target: 8dcc02da6f74a931c78ba46ea86e7d08.exe
Size: 2.7MB
MD5: 8dcc02da6f74a931c78ba46ea86e7d08
SHA1: e4edcc44e19a9b58b697df193cc41edcd2d93866
SHA256: 3b5b0cf21f6be7712afd31c93c2f8e74b4121945358bc66fb3d84c752cde593b
SHA512: a35f344cc142cff6dcc833d1503bdd4255a98e03d8c7e0444ac0b43982b1560b9f95f5b8737eb09e5d2b08672577b748d9543ff2c7275b93559678aa6a52d67d
SSDEEP: 49152:AeTRt4i9q2GL6BMuYfNPBys1hFrG6WtzLwilcDKJ9gSP1Ykf:lTz8pL6S3lZVnFrWVJuSP1Ykf
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 2800  Process 8dcc02da6f74a931c78ba46ea86e7d08.exe
Executes dropped EXE (1 IoC)
  PID 2800  Process 8dcc02da6f74a931c78ba46ea86e7d08.exe
Loads dropped DLL (1 IoC)
  PID 2568  Process 8dcc02da6f74a931c78ba46ea86e7d08.exe
YARA rule matches (rule: upx, 4 resources)
  behavioral1/memory/2568-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000a000000014615-10.dat  upx
  behavioral1/memory/2568-15-0x0000000003770000-0x0000000003C5F000-memory.dmp  upx
  behavioral1/memory/2800-18-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
Suspicious behavior: RenamesItself (1 IoC)
  PID 2568  Process 8dcc02da6f74a931c78ba46ea86e7d08.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 2568  Process 8dcc02da6f74a931c78ba46ea86e7d08.exe
  PID 2800  Process 8dcc02da6f74a931c78ba46ea86e7d08.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2568 wrote to memory of 2800  2568  8dcc02da6f74a931c78ba46ea86e7d08.exe  28
  PID 2568 wrote to memory of 2800  2568  8dcc02da6f74a931c78ba46ea86e7d08.exe  28
  PID 2568 wrote to memory of 2800  2568  8dcc02da6f74a931c78ba46ea86e7d08.exe  28
  PID 2568 wrote to memory of 2800  2568  8dcc02da6f74a931c78ba46ea86e7d08.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\8dcc02da6f74a931c78ba46ea86e7d08.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8dcc02da6f74a931c78ba46ea86e7d08.exe"
   PID: 2568
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8dcc02da6f74a931c78ba46ea86e7d08.exe (child of PID 2568)
      Command line: C:\Users\Admin\AppData\Local\Temp\8dcc02da6f74a931c78ba46ea86e7d08.exe
      PID: 2800
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB
MD5: 10c92837b324138fd79ce567f8e4c34d
SHA1: 25bb22d4f499ed5f582eb2671e40c61e79e97afa
SHA256: a660f327df29c12caa579b619a214bcb977f7d5e9e195e247210787fe2e187bc
SHA512: d987cd9a52e28a16a4eac7d5178a466728afc7118abfeeeeb0b6942a68b7ccce8b2aff20f65212b25ccb5f247fc229f152e3a371ed3d576fe0faea05c9472109