Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
14/02/2024, 08:06
Static task
static1
Behavioral task
behavioral1
Sample
9b29fc2a8a2bfb906480fa8f01ce4743.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9b29fc2a8a2bfb906480fa8f01ce4743.exe
Resource
win10v2004-20231222-en
General
-
Target
9b29fc2a8a2bfb906480fa8f01ce4743.exe
-
Size
1.6MB
-
MD5
9b29fc2a8a2bfb906480fa8f01ce4743
-
SHA1
3c2a3df7e064d387ce217b9afb834f3e4e002a28
-
SHA256
1e88014af0a6775373d813a553f4aba72c29ea896b64739b202a0a0f7b0bd2ca
-
SHA512
55adf17e6b1ff6f90be5497edc7022e4581946cb3d22a643824d3ec1e1083b4accf825c031f458d542eed7ef0b778bcd110c87eb164f18ace81e99d26303d4cf
-
SSDEEP
49152:Q631PCJ/m/m8iDKC7SsFccbvpTb9t7NgpKb1x:J31D/ziDfSsFccjztpgpW
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Wine 9b29fc2a8a2bfb906480fa8f01ce4743.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 2208 wrote to memory of 1392 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 13 PID 2208 wrote to memory of 1392 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 13 PID 2208 wrote to memory of 1392 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 13 PID 2208 wrote to memory of 1392 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 13 PID 2208 wrote to memory of 1392 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 13 PID 2208 wrote to memory of 1392 2208 9b29fc2a8a2bfb906480fa8f01ce4743.exe 13
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1392
-
C:\Users\Admin\AppData\Local\Temp\9b29fc2a8a2bfb906480fa8f01ce4743.exe"C:\Users\Admin\AppData\Local\Temp\9b29fc2a8a2bfb906480fa8f01ce4743.exe"2⤵
- Identifies Wine through registry keys
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2208
-