Analysis
- max time kernel: 120s
- max time network: 177s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25/02/2024, 13:25
Behavioral task: behavioral1
- Sample: a3e5706af5771d6d08c34629de1545d4.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a3e5706af5771d6d08c34629de1545d4.exe
- Resource: win10v2004-20240221-en
General
- Target: a3e5706af5771d6d08c34629de1545d4.exe
- Size: 2.9MB
- MD5: a3e5706af5771d6d08c34629de1545d4
- SHA1: fd5105546841e33fcf81d9e959a568b5d0f51f34
- SHA256: 3c093695f4b07e2c15080f879fed460df1488ae2e5c463d192e7e78ac1114fed
- SHA512: 887b47e1f7cbab463f8c46915cb67b6d0360c5537f6aa73ff3a190ab503ab3e68acb60cdef0088102106aa730b7b0b22b946c96c72697febdd7dfaaaf4bd2d83
- SSDEEP: 49152:B/QVUtSoEbKb/Aa8VjX91o+0/C8c32vSP4M338dB2IBlGuuDVUsdxxjeQZwxPYRr:B/QGtPMKb/8O4R3xgg3gnl/IVUs1jePs
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  2688  a3e5706af5771d6d08c34629de1545d4.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  2688  a3e5706af5771d6d08c34629de1545d4.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  1944  a3e5706af5771d6d08c34629de1545d4.exe
- YARA matches (rule: upx)
  resource                                                                   yara_rule
  behavioral1/memory/1944-1-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x0028000000012265-10.dat                                 upx
  behavioral1/files/0x0028000000012265-15.dat                                 upx
  behavioral1/memory/2688-17-0x0000000000400000-0x00000000008EF000-memory.dmp upx
  behavioral1/memory/1944-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1944  a3e5706af5771d6d08c34629de1545d4.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1944  a3e5706af5771d6d08c34629de1545d4.exe
  2688  a3e5706af5771d6d08c34629de1545d4.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   Process                                procid_target
  PID 1944 wrote to memory of 2688 1944  a3e5706af5771d6d08c34629de1545d4.exe   29
  PID 1944 wrote to memory of 2688 1944  a3e5706af5771d6d08c34629de1545d4.exe   29
  PID 1944 wrote to memory of 2688 1944  a3e5706af5771d6d08c34629de1545d4.exe   29
  PID 1944 wrote to memory of 2688 1944  a3e5706af5771d6d08c34629de1545d4.exe   29
Processes
- C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe"
  PID: 1944
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
    PID: 2688
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 640KB
  MD5: c68c2778c1f480c652861a005e210e7a
  SHA1: 5f110e2f9a8c3a96b96c90ae498fc7675e435e91
  SHA256: 60d7da4f0373022004a87aabaed7668427fb542fbe8df8dde3e5ec23791ae299
  SHA512: 51f7158378cda48fb32dcedc68c2693163d470dbdb564023937eb8b7219c6d0492228b2dd94d273ce5bef790a4d9fbeb878e0e1892a9e9194800d10e806ac065
- Filesize: 1.1MB
  MD5: 63d152807ffd2127be86aab29d19197b
  SHA1: 4d18c0dea92d1919f175a8bc4348e62508f68cd5
  SHA256: 8d7e1103ac66d80074532cc22a9f06649119954750fa35b57ed43db734f167ca
  SHA512: 61bb86cdd28d8eb8a0b8634099c30da337aef7063afb6bf11cf8e4f8c0e8817d678253751045feb79766b6fb5b19ba34997a820f3c665c4091c391f2d32967b5