Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12/02/2024, 10:52
Behavioral task behavioral1
Sample: 96fae479413d570fc3ede490335770d9.exe
Resource: win7-20231215-en

Behavioral task behavioral2
Sample: 96fae479413d570fc3ede490335770d9.exe
Resource: win10v2004-20231215-en
General
Target: 96fae479413d570fc3ede490335770d9.exe
Size: 1.3MB
MD5: 96fae479413d570fc3ede490335770d9
SHA1: f9c398593d072f3306c0b480ec86070932a13317
SHA256: 6f746655ee58705a2dea7bb29b936d7af9cf3d42c602c07306026539f2c37d95
SHA512: cb3796579b0d4a309306706e9226d5113ca6199c0adfe7b90bcf37f28274187fc4570aa49a794b7d014179bb0ff595caf9e45602bd61a250b5a4f6d4aa4f57c8
SSDEEP: 24576:4RmTzlToUSZ3h5gFU9GSemB9vWPMe7RVJX1yY+B/k8tHvG:4R0JTo1r59G1oIR7Vls/l
Malware Config
Signatures

Deletes itself (1 IoC)
  pid 2776  96fae479413d570fc3ede490335770d9.exe

Executes dropped EXE (1 IoC)
  pid 2776  96fae479413d570fc3ede490335770d9.exe

Loads dropped DLL (1 IoC)
  pid 2828  96fae479413d570fc3ede490335770d9.exe

YARA rule matches (rule: upx)
  behavioral1/memory/2828-1-0x0000000000400000-0x000000000086A000-memory.dmp  upx
  behavioral1/files/0x000c000000012337-11.dat  upx
  behavioral1/memory/2776-15-0x0000000000400000-0x000000000086A000-memory.dmp  upx
  behavioral1/files/0x000c000000012337-14.dat  upx

Suspicious behavior: RenamesItself (1 IoC)
  pid 2828  96fae479413d570fc3ede490335770d9.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 2828  96fae479413d570fc3ede490335770d9.exe
  pid 2776  96fae479413d570fc3ede490335770d9.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                   procid_target
  PID 2828 wrote to memory of 2776   2828  96fae479413d570fc3ede490335770d9.exe      28
  PID 2828 wrote to memory of 2776   2828  96fae479413d570fc3ede490335770d9.exe      28
  PID 2828 wrote to memory of 2776   2828  96fae479413d570fc3ede490335770d9.exe      28
  PID 2828 wrote to memory of 2776   2828  96fae479413d570fc3ede490335770d9.exe      28
Processes

1. C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe"
   PID: 2828
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe (child of 1)
      command line: C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe
      PID: 2776
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
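The Signatures and Processes sections above record the individual pieces of one chain: the submitted sample (PID 2828) renames itself, spawns a same-named copy (PID 2776), writes to that child's memory four times, and the child then deletes the original. Taken alone, each of those behaviours is common in legitimate installers and updaters; the signal is in their correlation. The following is an added example, not tria.ge output or any tria.ge export format: it models the report's IoC hits as constructed event records (the `Event` class, field names and the benign `updater.exe` control are all assumptions made for the example) and flags only a parent/child pair where all three conditions line up.

```python
# Added example (not tria.ge output): correlate sandbox IoC records of the kind listed in the
# Signatures and Processes sections into a single "drop a copy, write into it, remove the
# original" chain. Event records, field names and the benign control below are constructed
# to mirror this report; they are not a tria.ge export format.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    kind: str                          # process_create | write_process_memory | rename_self | delete_self
    pid: int
    image: str                         # image file name as the sandbox reports it
    target_pid: Optional[int] = None   # set for write_process_memory
    parent_pid: Optional[int] = None   # set for process_create


SAMPLE = "96fae479413d570fc3ede490335770d9.exe"

# Constructed from the report: PID 2828 is the submitted sample, PID 2776 the same-named
# dropped copy; four WriteProcessMemory hits 2828 -> 2776, the parent renames itself and
# the child deletes the original file.
REPORT_EVENTS: List[Event] = [
    Event("process_create", 2828, SAMPLE),
    Event("rename_self", 2828, SAMPLE),
    Event("process_create", 2776, SAMPLE, parent_pid=2828),
    *[Event("write_process_memory", 2828, SAMPLE, target_pid=2776) for _ in range(4)],
    Event("delete_self", 2776, SAMPLE),
]

# Constructed benign control (hypothetical updater.exe): relaunches a same-named copy and
# removes itself, but never writes into the child's memory, so it must not be flagged.
BENIGN_EVENTS: List[Event] = [
    Event("process_create", 4100, "updater.exe"),
    Event("process_create", 4188, "updater.exe", parent_pid=4100),
    Event("delete_self", 4100, "updater.exe"),
]


def find_self_replacement_chains(events: List[Event]) -> List[Dict[str, object]]:
    """Return one record per (parent, child) pair where the parent spawned a child running
    the same image name, wrote to that child's memory at least once, and either the parent
    renamed itself or the child deleted itself. The write count is kept so an analyst can
    judge whether the pattern looks like a small patch or a wholesale image replacement."""
    parent_of: Dict[int, Optional[int]] = {}
    image_of: Dict[int, str] = {}
    writes: Dict[Tuple[int, int], int] = {}
    renamed, deleted = set(), set()

    for e in events:
        if e.kind == "process_create":
            parent_of[e.pid] = e.parent_pid
            image_of[e.pid] = e.image
        elif e.kind == "write_process_memory" and e.target_pid is not None:
            key = (e.pid, e.target_pid)
            writes[key] = writes.get(key, 0) + 1
        elif e.kind == "rename_self":
            renamed.add(e.pid)
        elif e.kind == "delete_self":
            deleted.add(e.pid)

    hits: List[Dict[str, object]] = []
    for child, parent in parent_of.items():
        if parent is None or image_of.get(child) != image_of.get(parent):
            continue                      # not a same-image parent/child pair
        n_writes = writes.get((parent, child), 0)
        if n_writes == 0:
            continue                      # no cross-process memory write: plain relaunch
        if parent in renamed or child in deleted:
            hits.append({
                "parent_pid": parent,
                "child_pid": child,
                "image": image_of[child],
                "writes": n_writes,
                "parent_renamed": parent in renamed,
                "child_deleted": child in deleted,
            })
    return hits


if __name__ == "__main__":
    for hit in find_self_replacement_chains(REPORT_EVENTS):
        print("self-replacement chain:", hit)
    print("benign control hits:", find_self_replacement_chains(BENIGN_EVENTS))
```

Run against the constructed report events this yields exactly one chain (2828 -> 2776, four writes, parent renamed, child deleted) and nothing for the benign control. The UnmapMainImage hits on both PIDs are deliberately left out of the rule: they strengthen the case here but are not needed to isolate the chain, and tying the logic to them would miss variants that write into the child without unmapping.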
Network
MITRE ATT&CK Matrix
Downloads

File 1
Filesize: 1.3MB
MD5: efa3a7a9ea892bc49f783560cefb3464
SHA1: 1aac2ca9e4e53bac91ec89271dc6452bd4e13432
SHA256: 53d2cd593ea7d05f59f08fa33d20cd38a8c7c07657d69209d444f1b292acfb23
SHA512: aa7c5e987872ce107586e140beb3d995eed28a7dae7c0ef33fd20bd4c6f610b70dc9eeaadec6993107d8f3efcfda952e629124f6fc4aad165f6a849543cdb2f4

File 2
Filesize: 832KB
MD5: 9bb6c6ae2d4b80794e22cd5c7b748127
SHA1: c56e323b1536d356f43f6e79b146402f18887f92
SHA256: f0ec9fcc25b90e8f2e1d4cfcfea2226a7833ca95f18442a9675ddb40069e3c1f
SHA512: af9b9d620a151fe6cebed62a6528b1be354428c9e2869d89b5626196bfb3a311cad4561b817a7e0f4a7125ea80e07e8ea71ab36a796745432cf199ebab9cddef