Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25/02/2024, 11:19
Static task: static1
Behavioral task: behavioral1
- Sample: a3a612ea57f82e0dc9f61e2a41415166.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a3a612ea57f82e0dc9f61e2a41415166.exe
- Resource: win10v2004-20240221-en
General
- Target: a3a612ea57f82e0dc9f61e2a41415166.exe
- Size: 82KB
- MD5: a3a612ea57f82e0dc9f61e2a41415166
- SHA1: ed176ca45a5d93f499972dd9707c27ff1da10abe
- SHA256: d946a55859e31b7c181884173bf234d9ed60db9bc92272b1b7f305c4120a1869
- SHA512: 2f69661bba9fc2613725d34bf17f04adc74763a990ac5b042ca85215fea73c3fcf231f9d2d3e1b840178a94c3ff006395b2aecf892e644ef1f379631c66cd784
- SSDEEP: 1536:ljkFrM8HNZXtJwu3XO3U7tfTxAa6nZLnjRjRFfa4KxO:pitZXtJwu3XOEJLxv+LjRz5KM
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2116, Process a3a612ea57f82e0dc9f61e2a41415166.exe
- Executes dropped EXE (1 IoC)
  pid 2116, Process a3a612ea57f82e0dc9f61e2a41415166.exe
- Loads dropped DLL (1 IoC)
  pid 1224, Process a3a612ea57f82e0dc9f61e2a41415166.exe
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1224, Process a3a612ea57f82e0dc9f61e2a41415166.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1224, Process a3a612ea57f82e0dc9f61e2a41415166.exe
  pid 2116, Process a3a612ea57f82e0dc9f61e2a41415166.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1224 wrote to memory of 2116 | 1224 | a3a612ea57f82e0dc9f61e2a41415166.exe | 29
  PID 1224 wrote to memory of 2116 | 1224 | a3a612ea57f82e0dc9f61e2a41415166.exe | 29
  PID 1224 wrote to memory of 2116 | 1224 | a3a612ea57f82e0dc9f61e2a41415166.exe | 29
  PID 1224 wrote to memory of 2116 | 1224 | a3a612ea57f82e0dc9f61e2a41415166.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe"
   PID: 1224
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe (child of PID 1224)
      Command line: C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe
      PID: 2116
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: 9d30f2d69338540101164499fa0ef5c9
- SHA1: f95c2bfa6328ff89015ce05ccc9a4533414cdf41
- SHA256: 2c7839caaa9e13fe0dc8109caa5fa814ea29c14e844fab9788f73af5b2418f65
- SHA512: fdf35a5cb682bfc72026a169bb6de066f1ae84f3b3b06b373e0a931e19e738d9bc434989faca0b452ca88d8847e82d40a934a8478f7282f1e4ee8e89a642e848