Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 14/02/2024, 14:40
Static task: static1
Behavioral task: behavioral1
- Sample: 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Resource: win10v2004-20231222-en
General
- Target: 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Size: 165KB
- MD5: 9bf06e5ebc4fe5ae649112cdf3c692b6
- SHA1: f5a4295b66de6039d617e3af77c998640afbac3f
- SHA256: 5df44dc999a9dd9ab659bf138454ef031194c920ab8b31288de1cdada63bab9e
- SHA512: 6069fd6b4a55f2100b7437da3254b4b3213fba451cef8a5a8516223c2b852e5a2f094cba40a82653c25124e2a3efe2d84ccd6111c4c112006111814928923cf8
- SSDEEP: 3072:upteG7x/lJ3QbK7z3SW857W8P8tfhHDn+lRJSI5l9Mg/RuZrsnagYnTdEV:up91/lJgbfn7WwE5HDneTSI5la+9sny
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2352 - process 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Executes dropped EXE (1 IoC)
  pid 2352 - process 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Loads dropped DLL (1 IoC)
  pid 1308 - process 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1308 - process 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1308 - process 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
  pid 2352 - process 9bf06e5ebc4fe5ae649112cdf3c692b6.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 1308 wrote to memory of 2352 | 1308 | 9bf06e5ebc4fe5ae649112cdf3c692b6.exe | 29
  PID 1308 wrote to memory of 2352 | 1308 | 9bf06e5ebc4fe5ae649112cdf3c692b6.exe | 29
  PID 1308 wrote to memory of 2352 | 1308 | 9bf06e5ebc4fe5ae649112cdf3c692b6.exe | 29
  PID 1308 wrote to memory of 2352 | 1308 | 9bf06e5ebc4fe5ae649112cdf3c692b6.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\9bf06e5ebc4fe5ae649112cdf3c692b6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9bf06e5ebc4fe5ae649112cdf3c692b6.exe"
  PID: 1308
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\9bf06e5ebc4fe5ae649112cdf3c692b6.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\9bf06e5ebc4fe5ae649112cdf3c692b6.exe
    PID: 2352
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 165KB
  MD5: 03a06d521924f2c9cc83348fb2101688
  SHA1: bc1f89281812cbc40235bb609d73cd6b62255a0b
  SHA256: 0fa5365a6ab8ae56d6195befd7756a94a20a94183f97ca2ee51dd62b3cb326a1
  SHA512: 7215ceec36ca97e57d43640f46a9d1810fc615a4c3df2b44a673bee9380038fb42f6335241d1e7369b504785754fbe644f29882c494a0f756356f3c5ec0aec8c