Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 05/02/2024, 15:47
Behavioral task: behavioral1
Sample: 92636d9c2da69fb67865ba74e808b505.exe
Resource: win7-20231215-en
General
Target: 92636d9c2da69fb67865ba74e808b505.exe
Size: 2.9MB
MD5: 92636d9c2da69fb67865ba74e808b505
SHA1: cb842a0d0caa6acf930498613d1c52021ed2dbeb
SHA256: e8feb0667bf27d715e0d5c0ee9e5d3dfe73d4048644a30e46ed6c3b3a1dc4d37
SHA512: d9d8f546968f6725e3ba565e3cd612ba2d15d645da59992567609520c284b8fb85457fd57082093de0e400a3729e31b0b4c9f0e888e41eb631cd025476da93d0
SSDEEP: 49152:VmpKxfhU48zky2SZh7knIf4DuYdexNW6TdKP4M338dB2IBlGuuDVUsdxxjeQZwxs:WKxfhLpytbcIf4Du4o5TYgg3gnl/IVU8
Malware Config
Signatures

Deletes itself (1 IoC)
  pid 2724  Process 92636d9c2da69fb67865ba74e808b505.exe

Executes dropped EXE (1 IoC)
  pid 2724  Process 92636d9c2da69fb67865ba74e808b505.exe

Loads dropped DLL (1 IoC)
  pid 2760  Process 92636d9c2da69fb67865ba74e808b505.exe

YARA matches (resource / yara_rule)
  behavioral1/memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral1/files/0x0009000000012287-10.dat                                  upx
  behavioral1/files/0x0009000000012287-13.dat                                  upx
  behavioral1/memory/2724-16-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/memory/2760-14-0x00000000037E0000-0x0000000003CCF000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoC)
  pid 2760  Process 92636d9c2da69fb67865ba74e808b505.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 2760  Process 92636d9c2da69fb67865ba74e808b505.exe
  pid 2724  Process 92636d9c2da69fb67865ba74e808b505.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2760 wrote to memory of 2724   2760  92636d9c2da69fb67865ba74e808b505.exe  28
  PID 2760 wrote to memory of 2724   2760  92636d9c2da69fb67865ba74e808b505.exe  28
  PID 2760 wrote to memory of 2724   2760  92636d9c2da69fb67865ba74e808b505.exe  28
  PID 2760 wrote to memory of 2724   2760  92636d9c2da69fb67865ba74e808b505.exe  28
Processes

Level 1: C:\Users\Admin\AppData\Local\Temp\92636d9c2da69fb67865ba74e808b505.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\92636d9c2da69fb67865ba74e808b505.exe"
  PID: 2760
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  Level 2 (child of PID 2760): C:\Users\Admin\AppData\Local\Temp\92636d9c2da69fb67865ba74e808b505.exe
    command line: C:\Users\Admin\AppData\Local\Temp\92636d9c2da69fb67865ba74e808b505.exe
    PID: 2724
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

File 1
  Filesize: 516KB
  MD5: 8a70b1fe819909a540efd47b2d3d5c77
  SHA1: 7a6df47248f1609fe235e39ecfe0bcf8410be8dc
  SHA256: 7c13480173a6d1b28ec5ac640d98d9f15924586794bae499f573224f532bc505
  SHA512: 34c0c786481ca1275bd4fe692cd35fc578122b4b67b89ac75003142ea9406b823f76560ecec95896d77e577ffacb56331259be9ac01bc5d64b3e85cf60f9b964

File 2
  Filesize: 560KB
  MD5: 96f364f3ffee1e7eb16a93ceb18859e7
  SHA1: 64cc0d7d5e70997f56088ba66b0d702de68a217a
  SHA256: 5f978808a6ddba19742e36dbfe92bacc1ddceb1d2e8ad624b27d29ec0b607d96
  SHA512: 835354c8f77b4b73b8a786adcf26f182212bac0076fffc5520842bdbbe1571d967f3ec9d21fba0f18e32571c80a0c60e9f2c11d64dd4dfbadff6cf0f89d23515