Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 118s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 24/02/2024, 14:49
Behavioral task behavioral1
Sample: a21e0599afe06362cf1269bd7d09d938.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: a21e0599afe06362cf1269bd7d09d938.exe
Resource: win10v2004-20240221-en
General
Target: a21e0599afe06362cf1269bd7d09d938.exe
Size: 5.8MB
MD5: a21e0599afe06362cf1269bd7d09d938
SHA1: 1a840676e6c7845b2e7b956ed072d65d8bd4ea5c
SHA256: b4aa7f85ea26f14899fffa322dfefe1303912d88f319387b2b64c6d389f2b2ec
SHA512: efcdac042a67f47e3d24ad5e2d0a3ae4204b2a482cc3be38485d552a25830a37d52bb85661d945c381a9e62c9834b81ff63e781c0bf57566f69d3f77aa0aa6be
SSDEEP: 98304:qqiFOhI6Z/aY9fuZHau42c1joCjMPkNwk6366QOD6O5qjTKIHau42c1joCjMPkNQ:JZhI6ZaY8Fauq1jI86f6U+O5qjT3auqq
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 2460, process a21e0599afe06362cf1269bd7d09d938.exe
Executes dropped EXE (1 IoC)
  PID 2460, process a21e0599afe06362cf1269bd7d09d938.exe
Loads dropped DLL (1 IoC)
  PID 2116, process a21e0599afe06362cf1269bd7d09d938.exe
YARA rule matches (rule: upx)
  behavioral1/memory/2116-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000700000001225f-10.dat
  behavioral1/files/0x000700000001225f-14.dat
  behavioral1/files/0x000700000001225f-12.dat
  behavioral1/memory/2460-15-0x0000000000400000-0x00000000008EF000-memory.dmp
Suspicious behavior: RenamesItself (1 IoC)
  PID 2116, process a21e0599afe06362cf1269bd7d09d938.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 2116, process a21e0599afe06362cf1269bd7d09d938.exe
  PID 2460, process a21e0599afe06362cf1269bd7d09d938.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2116 wrote to memory of 2460 (process a21e0599afe06362cf1269bd7d09d938.exe, procid_target 28)
  PID 2116 wrote to memory of 2460 (process a21e0599afe06362cf1269bd7d09d938.exe, procid_target 28)
  PID 2116 wrote to memory of 2460 (process a21e0599afe06362cf1269bd7d09d938.exe, procid_target 28)
  PID 2116 wrote to memory of 2460 (process a21e0599afe06362cf1269bd7d09d938.exe, procid_target 28)
Processes
1. "C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe" (PID 2116)
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe (PID 2460, child of PID 2116)
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Dropped file 1
Filesize: 3.4MB
MD5: f7f5a302fa83eca7297db0c2df55f918
SHA1: 5d574f79ec8fae5313d58d956617b5ff6fe792f9
SHA256: 10b5a47a7cd94ff40b599f3c80ab43c0e67143f476afc65bfcdf1b879be7a334
SHA512: 115b63dce5951bff0201fa0d5247cd3710d89cf3c69034f788ffcc67a39398c126cd363bf83e5ccc790615013e3e12028dccc1aa85887d6ad588f46abd5b2f6f
Dropped file 2
Filesize: 3.1MB
MD5: 00094e62dbf7775372d2ec92377d84c3
SHA1: 392c4a85bfe84ddf55e253b6587ee02e005d3050
SHA256: 2e3b7aa6f068bdc169879f3953474230027bc74937741b5fa1efac3300e7c9ce
SHA512: 55e71cbd045a73076c449dfc00dfec2d5190d03cb6b0c569135172306091e527e2e13d910897a0dfc5871cd4c40f338ca164528a211265f58980ef1b70544f76
Dropped file 3
Filesize: 3.6MB
MD5: d81e1491bc58b9a7abdc3c45dc8b7417
SHA1: 6145a8b29228b5ed04e905336cb234dd096be046
SHA256: bda61613ac67cefc184e65be9a982894148eb23ec5c2903b4eb416c60a65300f
SHA512: e33a60cf976b367abefdea7f365a61c4ad762a007b9a03f99c6c9826f9d7582a2d645ac2e44db843b1751616fff9b54964d194b957b957970ecfccfc4f7fd650