Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
24/02/2024, 18:45
Static task
static1
Behavioral task
behavioral1
Sample
a27b9cc01307237a16b08d449e5de87f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a27b9cc01307237a16b08d449e5de87f.exe
Resource
win10v2004-20240221-en
General
-
Target
a27b9cc01307237a16b08d449e5de87f.exe
-
Size
57KB
-
MD5
a27b9cc01307237a16b08d449e5de87f
-
SHA1
f68abaea3f54726f877a811479d0ef703b7a203d
-
SHA256
6ff02919ba1f41a558b4affffa234ebc90b2e20147502c1be844363e356b0d58
-
SHA512
710f97fd309b537a9a24c8d90fe584e63987d81608f02b27a7d2d8ee7c5f62b9064f8b3e93d2cf5cfa8c96ea0839fed9773dc9bc041047d72fc598f56000d9dd
-
SSDEEP
1536:r19Bn1cXxHmxphPtuEuF7EQxl/8YhrUGUVP:hPnSFKp1stxEQxl01hVP
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1388 a27b9cc01307237a16b08d449e5de87f.exe -
Executes dropped EXE 1 IoCs
pid Process 1388 a27b9cc01307237a16b08d449e5de87f.exe -
Loads dropped DLL 1 IoCs
pid Process 2032 a27b9cc01307237a16b08d449e5de87f.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2032 a27b9cc01307237a16b08d449e5de87f.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2032 a27b9cc01307237a16b08d449e5de87f.exe 1388 a27b9cc01307237a16b08d449e5de87f.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2032 wrote to memory of 1388 2032 a27b9cc01307237a16b08d449e5de87f.exe 29 PID 2032 wrote to memory of 1388 2032 a27b9cc01307237a16b08d449e5de87f.exe 29 PID 2032 wrote to memory of 1388 2032 a27b9cc01307237a16b08d449e5de87f.exe 29 PID 2032 wrote to memory of 1388 2032 a27b9cc01307237a16b08d449e5de87f.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe"C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exeC:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1388
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD56d6cd58533f065b904ba02f72b0d5051
SHA106dfc80c826b278340024b5f1aed044b33125609
SHA256f46d0eb76ec29ea3d1710a39bbef25a8acb77ba08938f2324d8762c046c33cd1
SHA5123b9852eefe7a01dcd44c2f5bddd7bd610266fd0ee0c9301bd77faafac8575c979c3e8e2928269d782d2fd8fee098e0f08dfe4209b932f952fcd157e4ce0bc3b6