Analysis
- max time kernel: 120s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 13/02/2024, 09:59
Behavioral task: behavioral1
- Sample: 9921326d5eae0f9bdf9346f684c4f612.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 9921326d5eae0f9bdf9346f684c4f612.exe
- Resource: win10v2004-20231215-en
General
- Target: 9921326d5eae0f9bdf9346f684c4f612.exe
- Size: 1.3MB
- MD5: 9921326d5eae0f9bdf9346f684c4f612
- SHA1: 91f2d78e15c2bacefe6350f11fe9d48055a2a4c2
- SHA256: 0f7e82ff1186c7cf8667b22726bd9e730cd256bb75236af178d2b80f2c83ee3a
- SHA512: 14bbeaf91b698cfd052d1e13945de4287beb715df5eb3322e26ebba347b80a07a34fd18fdc68710409cdcf3ed054c5c9b0ff08c5fdf42a1e89a9aab204179d47
- SSDEEP: 24576:h6Vba/HtEpgo37iRD/6JOR2UKQFsSzUkYqAtwsERqiPs4F274OsqNql25t6apNSL:h6Vba/HWzLC/zMn+uNjFL4F+sqIUSapI
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2644, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Executes dropped EXE (1 IoCs)
  pid 2644, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Loads dropped DLL (1 IoCs)
  pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe
- YARA rule match: upx (3 resources)
  resource behavioral1/memory/1016-0-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule upx
  resource behavioral1/files/0x000b000000012262-12.dat, yara_rule upx
  resource behavioral1/memory/2644-16-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe
  pid 2644, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description "PID 1016 wrote to memory of 2644", pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe, procid_target 28
  description "PID 1016 wrote to memory of 2644", pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe, procid_target 28
  description "PID 1016 wrote to memory of 2644", pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe, procid_target 28
  description "PID 1016 wrote to memory of 2644", pid 1016, process 9921326d5eae0f9bdf9346f684c4f612.exe, procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe"
  PID: 1016
  Signatures: Loads dropped DLL; Suspicious behavior: RenamesItself; Suspicious use of UnmapMainImage; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe (depth 2, child of PID 1016)
    Command line: C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe
    PID: 2644
    Signatures: Deletes itself; Executes dropped EXE; Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.3MB
  MD5: 94f54ba3ff7b8a974f8d1536dd0d73ed
  SHA1: 1d4f5bf458af8796a25684c683d81ca20ece8a4f
  SHA256: b05941bce8a544ccaf65b9bf6f90d53c6026e1a218297240af70cfb758e3955d
  SHA512: 0971d0c95b178865c77dd2548d823f7709d531369b54c969a6dc19ec98febed3c108421868848672b9a9f5ebe95c55feb41a829defaf4feac4a78969c967ffab