Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 06/02/2024, 14:17
Behavioral task: behavioral1
- Sample: 94b7c515d1c9edc9bfe0c0980021cc17.exe
- Resource: win7-20231215-en
General
- Target: 94b7c515d1c9edc9bfe0c0980021cc17.exe
- Size: 1.5MB
- MD5: 94b7c515d1c9edc9bfe0c0980021cc17
- SHA1: 164832858c0c26b1188d1aaac55b4f180ff4f3e3
- SHA256: d5ca776c15dfec6e77bea6489f12c012f2d40a56dfa5e1f1ab3c9bc7515dec8e
- SHA512: ca8c264ef37d72bac0db2a314b889fd9e41a6d6ec4f92b0b290ca7923b6680195737da53f9d1b38ded9495bee2834885fff84ef4681d649d497f4bafdda4276d
- SSDEEP: 24576:Sgnq+l4ueaS/xQzXrcCEcsNPgZRJ1nVnCxnz2eN0bbzDJW:L5DbAQz7fAhgZVNCxubz9
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2784, process 94b7c515d1c9edc9bfe0c0980021cc17.exe
- Executes dropped EXE (1 IoC)
  pid 2784, process 94b7c515d1c9edc9bfe0c0980021cc17.exe
- Loads dropped DLL (1 IoC)
  pid 1020, process 94b7c515d1c9edc9bfe0c0980021cc17.exe
- yara_rule matches: upx (5 resources)
  behavioral1/memory/1020-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000b000000012274-10.dat
  behavioral1/files/0x000b000000012274-13.dat
  behavioral1/memory/1020-15-0x0000000003530000-0x0000000003A1F000-memory.dmp
  behavioral1/memory/2784-18-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1020, process 94b7c515d1c9edc9bfe0c0980021cc17.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1020, process 94b7c515d1c9edc9bfe0c0980021cc17.exe
  pid 2784, process 94b7c515d1c9edc9bfe0c0980021cc17.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        | pid  | Process                               | procid_target
  PID 1020 wrote to memory of 2784   | 1020 | 94b7c515d1c9edc9bfe0c0980021cc17.exe  | 28
  PID 1020 wrote to memory of 2784   | 1020 | 94b7c515d1c9edc9bfe0c0980021cc17.exe  | 28
  PID 1020 wrote to memory of 2784   | 1020 | 94b7c515d1c9edc9bfe0c0980021cc17.exe  | 28
  PID 1020 wrote to memory of 2784   | 1020 | 94b7c515d1c9edc9bfe0c0980021cc17.exe  | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\94b7c515d1c9edc9bfe0c0980021cc17.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\94b7c515d1c9edc9bfe0c0980021cc17.exe"
   PID: 1020
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\94b7c515d1c9edc9bfe0c0980021cc17.exe (spawned by PID 1020)
      Command line: C:\Users\Admin\AppData\Local\Temp\94b7c515d1c9edc9bfe0c0980021cc17.exe
      PID: 2784
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
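Read together, the signature hits and the process tree describe one chain rather than separate findings: PID 1020 loads a dropped DLL and renames itself, spawns a second copy (PID 2784) from the same path, writes into that child's memory four times, and both processes unmap their main image; the child then runs as the dropped EXE and deletes the original. The Python below is an example added by the editor, not tria.ge's detection logic. It turns event rows like the ones in this report into per-process signature sets plus a writer/target map and flags the pattern in which a parent writes into a child it spawned and that child unmaps its main image. The EVENTS list and PARENT map are constructed from this report; the min_writes threshold and the "hollowing_like" / "cross_process_write" labels are the editor's naming.

```python
"""Correlate sandbox behaviour rows into a process-level picture and flag a
self-replacement chain (parent writes into a child it spawned; child unmaps
its main image). Editor's example, not tria.ge's detection logic."""
from collections import defaultdict

UNMAP = "Suspicious use of UnmapMainImage"
WPM = "Suspicious use of WriteProcessMemory"

# Constructed from this report's Signatures table:
# (signature name, acting pid, target pid or None)
EVENTS = [
    ("Loads dropped DLL", 1020, None),
    ("Suspicious behavior: RenamesItself", 1020, None),
    (UNMAP, 1020, None),
    (WPM, 1020, 2784),
    (WPM, 1020, 2784),
    (WPM, 1020, 2784),
    (WPM, 1020, 2784),
    ("Deletes itself", 2784, None),
    ("Executes dropped EXE", 2784, None),
    (UNMAP, 2784, None),
]

# Constructed from this report's process tree: child pid -> parent pid
PARENT = {2784: 1020}


def summarize(events):
    """Per-pid signature sets and a (writer, target) -> write-count map."""
    sigs = defaultdict(set)
    writes = defaultdict(int)
    for name, pid, target in events:
        sigs[pid].add(name)
        if name == WPM and target is not None:
            writes[(pid, target)] += 1
    return sigs, writes


def hollowing_like(events, parent, min_writes=1):
    """One finding per (writer, target) pair with at least `min_writes` writes.
    The pair is labelled 'hollowing_like' when the writer is the target's
    parent and the target unmapped its own main image; any other cross-process
    write is still reported, as 'cross_process_write', so it is not lost."""
    sigs, writes = summarize(events)
    findings = []
    for (src, dst), n in sorted(writes.items()):
        if n < min_writes:
            continue
        own_child = parent.get(dst) == src
        kind = "hollowing_like" if own_child and UNMAP in sigs[dst] else "cross_process_write"
        findings.append({
            "kind": kind,
            "writer": src,
            "target": dst,
            "writes": n,
            "target_signatures": sorted(sigs[dst]),
        })
    return findings


if __name__ == "__main__":
    for finding in hollowing_like(EVENTS, PARENT):
        print(finding)
```

The label is a hypothesis to confirm, not a verdict: the report records WriteProcessMemory and UnmapMainImage but shows no thread-context manipulation or suspended-process creation, so the memory dump for the child (behavioral1/memory/2784-18-0x0000000000400000-0x00000000008EF000-memory.dmp) is where to check what was actually written before calling it hollowing.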
Network
MITRE ATT&CK Matrix
Downloads
- File 1
  Filesize: 820KB
  MD5: 02db906e915a9121f33eea49e10aec5f
  SHA1: 6cd7d9bfe4ca0f2edbea994e950b88d788316993
  SHA256: b662e8b5890c7ccf5a899bb1fa17a717f722b58d3df14ccdd8ea147f5dbb47a6
  SHA512: 5466a5a417bd9b054e5029eb037a7b1a42cf1ba77bf29eda38c8487c33f70ee0f07c01c7278220550d241ed84b85421fc54c5ba5f5e1703c86903c34e9a9b416
- File 2
  Filesize: 64KB
  MD5: cab622fe429215368531767027017b13
  SHA1: dff02424c539a18a9318bd59ceac78b68171258b
  SHA256: cab899f2320132ca5b685b0e8a485848c36d0aa1e0507bfde283d74be10668f2
  SHA512: d305f6336025c51598277c6298e4d7ea1834ab0f03eab1fd2745cbbe4ca677ab6bdb81d70546aae6b53fd7db6b495fa42ba5a45ee223651fb9a6ca88342975ce