Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 25/02/2024, 10:05
Behavioral task
behavioral1
Sample
screenshot.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
screenshot.exe
Resource
win10v2004-20240221-en
General
Target: screenshot.exe
Size: 7.3MB
MD5: 2477349610f4f17d966703b563217496
SHA1: 1b16d7adb12537952fdffb315021474284aefab0
SHA256: e792920cc152df874f29810e435af9c71838f690a2e7abc3cbc6ad9ab5473336
SHA512: 771b9c94acc37ec6841ec725e92d58e52a83822291a21b8e8633999947a46692ce88b8b9d0d9078770f8db15853250a44459bbf3c107e16351a4464cafca66f3
SSDEEP: 196608:fVYS6oOshoKMuIkhVastRL5Di3uh1D7JQ:tYS/OshouIkPftRL54YRJQ
Malware Config
Signatures
Loads dropped DLL 1 IoCs
pid | Process
3020 | screenshot.exe

resource | yara_rule
behavioral1/files/0x0006000000015f9e-21.dat | upx

Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2976 wrote to memory of 3020 | 2976 | screenshot.exe | 28
PID 2976 wrote to memory of 3020 | 2976 | screenshot.exe | 28
PID 2976 wrote to memory of 3020 | 2976 | screenshot.exe | 28
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5: 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1: c6e0385a868f3153a6e8879527749db52dce4125
SHA256: ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512: c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab