Analysis
max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 12/02/2024, 04:36
Behavioral task: behavioral1
Sample: ea38b1d286c5f23c10ac6839b8da1e39.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: ea38b1d286c5f23c10ac6839b8da1e39.exe
Resource: win10v2004-20231215-en
General
Target: ea38b1d286c5f23c10ac6839b8da1e39.exe
Size: 75KB
MD5: ea38b1d286c5f23c10ac6839b8da1e39
SHA1: adbb4590655d374ae321de45d3cc965b590cd29a
SHA256: 779869dc9547fc319ca353352595c0adf6302d14eb3e8c0e89bb4be4bd250417
SHA512: 223c6ee8bb2dbe9c95a33bc0a936d040260b30d12499d4e2b25f7e5ded3cd57d1ef85c159667d74da4c7d8bc3dfc22cd4d56c3e1dc1a4c3233f173150e599c23
SSDEEP: 1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOAkXtBdxPUxaN:T6a+rdOOtEvwDpjNtHPr
Malware Config
Signatures

Executes dropped EXE (1 IoCs)
  pid   Process
  2124  asih.exe

Loads dropped DLL (1 IoCs)
  pid   Process
  2512  ea38b1d286c5f23c10ac6839b8da1e39.exe

  resource                                                                     yara_rule
  behavioral1/memory/2512-0-0x0000000000500000-0x0000000000510000-memory.dmp   upx
  behavioral1/files/0x000b000000012262-11.dat                                  upx
  behavioral1/memory/2512-15-0x0000000000500000-0x0000000000510000-memory.dmp  upx
  behavioral1/memory/2124-16-0x0000000000500000-0x0000000000510000-memory.dmp  upx
  behavioral1/memory/2124-26-0x0000000000500000-0x0000000000510000-memory.dmp  upx

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2512 wrote to memory of 2124   2512  ea38b1d286c5f23c10ac6839b8da1e39.exe  28
  PID 2512 wrote to memory of 2124   2512  ea38b1d286c5f23c10ac6839b8da1e39.exe  28
  PID 2512 wrote to memory of 2124   2512  ea38b1d286c5f23c10ac6839b8da1e39.exe  28
  PID 2512 wrote to memory of 2124   2512  ea38b1d286c5f23c10ac6839b8da1e39.exe  28
Processes

C:\Users\Admin\AppData\Local\Temp\ea38b1d286c5f23c10ac6839b8da1e39.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ea38b1d286c5f23c10ac6839b8da1e39.exe"
  PID: 2512
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\asih.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 2124
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 75KB
MD5: a1258ca4837e98be5d4adaf07f4d6962
SHA1: 1486b5bbd96c724a773c5833cbd317164d1c8bc6
SHA256: a4a81e1a8f4f21dfa36355609d022f3a88a5b1e927a685112dc225d8c784ad97
SHA512: 038923cd8b2672f8f5f8a87917c681b9f2c3404804e9cf20399131e63e294ffd3d5fd29d2489c17b59013ef6aac474933c746c8906a87eb6700f17324e42e9a0