Analysis
- max time kernel: 122s
- max time network: 129s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 14/02/2024, 14:56
Static task
- static1
Behavioral task
- behavioral1: sample 9bf81f95c8752c4ac5ade2301f15dae6.exe, resource win7-20231215-en
Behavioral task
- behavioral2: sample 9bf81f95c8752c4ac5ade2301f15dae6.exe, resource win10v2004-20231215-en
General
- Target: 9bf81f95c8752c4ac5ade2301f15dae6.exe
- Size: 162KB
- MD5: 9bf81f95c8752c4ac5ade2301f15dae6
- SHA1: 3e915378385fcae1c7877bced38134afc27c8727
- SHA256: 1ee7faa2d2a66d52599844874ecc76240760d23bfbd3b7d0eceb7852b9d037f2
- SHA512: de269a9734b5935bb9f6da3ca102e573747e09d0764f36c92e95159d4d7c30ac2f0da995e027c571cad570248c6938b875d78c71417c44c6248a0a57bed6a301
- SSDEEP: 3072:/mcvodpoUXUyCAw7GmUfuP5pxeQ8jUXvNK+T/b8bITU02MJ2:/mfHWAwCNo5pZ8MvNKGD8UU0RJ2
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1328, process 9bf81f95c8752c4ac5ade2301f15dae6.exe
- Executes dropped EXE (1 IoC)
  pid 1328, process 9bf81f95c8752c4ac5ade2301f15dae6.exe
- Loads dropped DLL (1 IoC)
  pid 2796, process 9bf81f95c8752c4ac5ade2301f15dae6.exe
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2796, process 9bf81f95c8752c4ac5ade2301f15dae6.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2796, process 9bf81f95c8752c4ac5ade2301f15dae6.exe
  pid 1328, process 9bf81f95c8752c4ac5ade2301f15dae6.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2796 wrote to memory of 1328 | 2796 | 9bf81f95c8752c4ac5ade2301f15dae6.exe | 29
  The same row appears four times in the report: four WriteProcessMemory events from the parent (PID 2796) into the child (PID 1328). procid_target is Triage's own identifier for the target process, not a Windows PID.
Processes
1. C:\Users\Admin\AppData\Local\Temp\9bf81f95c8752c4ac5ade2301f15dae6.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9bf81f95c8752c4ac5ade2301f15dae6.exe"
   PID: 2796
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\9bf81f95c8752c4ac5ade2301f15dae6.exe (child of PID 2796)
      Command line: C:\Users\Admin\AppData\Local\Temp\9bf81f95c8752c4ac5ade2301f15dae6.exe
      PID: 1328
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
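The Signatures rows and the two-process tree above describe one sequence: the sample spawns a second copy of its own image, writes into that child's memory four times, both processes unmap their main image, and the child then deletes itself. The following added example (not Triage's code, and not part of this report) re-parses event rows modelled on the page's flattened "PID <a> wrote to memory of <b> <pid> <image> <procid_target>" layout and correlates them with the per-process signatures and the parent/child tree into a single finding. The SIGNATURE_ROWS, WPM_ROWS and PROCESS_TREE inputs are constructed from the numbers on this page; the scoring rule, its threshold of 4, and the function names are this example's own assumptions.

```python
"""
Correlate sandbox signature rows and a process tree into a self-injection finding.

Added example, not Triage code. Inputs are constructed from the report above:
two processes running the same image, four WriteProcessMemory rows from the
parent into the child, UnmapMainImage on both, RenamesItself on the parent and
Deletes itself on the child. The rule and threshold are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

IMAGE = "9bf81f95c8752c4ac5ade2301f15dae6.exe"

# Constructed from the report's single-process signature rows: (signature, pid, image)
SIGNATURE_ROWS = [
    ("Deletes itself", 1328, IMAGE),
    ("Executes dropped EXE", 1328, IMAGE),
    ("Loads dropped DLL", 2796, IMAGE),
    ("Suspicious behavior: RenamesItself", 2796, IMAGE),
    ("Suspicious use of UnmapMainImage", 2796, IMAGE),
    ("Suspicious use of UnmapMainImage", 1328, IMAGE),
]

# Constructed copies of the four WriteProcessMemory rows in the page's flattened layout
WPM_ROWS = [
    "PID 2796 wrote to memory of 1328 2796 9bf81f95c8752c4ac5ade2301f15dae6.exe 29",
] * 4

# Process tree from the report: pid -> (parent pid or None, image name)
PROCESS_TREE = {2796: (None, IMAGE), 1328: (2796, IMAGE)}

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


@dataclass
class WpmEvent:
    source_pid: int
    target_pid: int
    image: str
    procid_target: int  # Triage's internal target identifier, not a Windows PID


def parse_wpm(line):
    """Parse one flattened WriteProcessMemory row; reject rows whose two PID columns disagree."""
    m = WPM_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory row: {line!r}")
    src, dst, pid, image, procid = m.groups()
    if src != pid:
        raise ValueError("description PID and pid column disagree")
    return WpmEvent(int(src), int(dst), image, int(procid))


def build_profile(sig_rows, wpm_rows):
    """Group signatures per pid and count memory writes per (source, target) pair."""
    sigs = defaultdict(set)
    for name, pid, _image in sig_rows:
        sigs[pid].add(name)
    writes = defaultdict(int)
    for line in wpm_rows:
        ev = parse_wpm(line)
        writes[(ev.source_pid, ev.target_pid)] += 1
    return sigs, writes


def self_injection_findings(sig_rows, wpm_rows, tree):
    """Score each parent/child pair on the same-image spawn + memory-write + unmap pattern."""
    sigs, writes = build_profile(sig_rows, wpm_rows)
    findings = []
    for child, (parent, child_image) in tree.items():
        if parent is None:
            continue  # root process has nothing to compare against
        parent_image = tree[parent][1]
        same_image = parent_image.lower() == child_image.lower()
        n_writes = writes.get((parent, child), 0)
        unmap_parent = "Suspicious use of UnmapMainImage" in sigs[parent]
        unmap_child = "Suspicious use of UnmapMainImage" in sigs[child]
        child_deletes = "Deletes itself" in sigs[child]
        parent_renames = "Suspicious behavior: RenamesItself" in sigs[parent]
        # One point per observed indicator; the threshold of 4 is an assumption
        score = sum([same_image, n_writes > 0, unmap_parent, unmap_child,
                     child_deletes, parent_renames])
        findings.append({
            "parent": parent, "child": child, "same_image": same_image,
            "memory_writes": n_writes, "unmap_main_image": unmap_parent and unmap_child,
            "child_deletes_itself": child_deletes, "score": score,
            "suspicious": score >= 4,
        })
    return findings


if __name__ == "__main__":
    for finding in self_injection_findings(SIGNATURE_ROWS, WPM_ROWS, PROCESS_TREE):
        print(finding)
```

Run against the constructed rows it reports one pair, 2796 -> 1328, with four memory writes and all six indicators present. Swapping in rows from another report only requires keeping the same flattened field order; rows where the description PID and pid column differ are rejected rather than silently counted.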
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 162KB
  MD5: 9bcf3c9f112be783546d74fed0968276
  SHA1: 0b17a7ff7ca6e32a92d565dbbf23ec616a60ea8d
  SHA256: 2ee84076f3508070b75e5132dd5202fdc809464f691c44cc50767eb246318193
  SHA512: fa39a61b060020cbf82df90c72d8134984d2f676c549cad588543e1ef49f238ad68856ccac37dff284f106374cac53b4a16c35d10f760958f400f653e683caff
  This collected file has the same 162KB size as the submitted sample, but every hash differs from the General section above, so it is not a byte-identical copy of the input.