Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27/02/2024, 18:42
Behavioral task behavioral1
Sample: a9e11d4bee1e07bdc43cb6c58112842a.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: a9e11d4bee1e07bdc43cb6c58112842a.exe
Resource: win10v2004-20240226-en
General
Target: a9e11d4bee1e07bdc43cb6c58112842a.exe
Size: 1.5MB
MD5: a9e11d4bee1e07bdc43cb6c58112842a
SHA1: eca9593223a14de4393a2a03a1d4d23168177559
SHA256: 96ab0a1c0d03ddd6d8ae1d0f5392c3052802515406dcbe7d3fe983589ec00f31
SHA512: f4912bb62981b05d0ad9adede4414323ba03772841a9865ad262670b381020ffa7df7e5a661b1a7a602aa5306ee7075b88e906bdb55a07a6a3e54dbc0298bc95
SSDEEP: 24576:mrsjVB+2J4FTIkziwEI35FhBFhVy7fYHi9I/5IZQLHFXGICs4UmnS5xtrW:ssJM2JiIkzPEyhBBYYCI/5c4lXacr
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 1724  Process a9e11d4bee1e07bdc43cb6c58112842a.exe
Executes dropped EXE (1 IoCs)
  pid 1724  Process a9e11d4bee1e07bdc43cb6c58112842a.exe
Loads dropped DLL (1 IoCs)
  pid 2156  Process a9e11d4bee1e07bdc43cb6c58112842a.exe
YARA rule "upx" matched on resources:
  behavioral1/memory/2156-1-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000b000000012256-13.dat
  behavioral1/files/0x000b000000012256-12.dat
Suspicious behavior: RenamesItself (1 IoCs)
  pid 2156  Process a9e11d4bee1e07bdc43cb6c58112842a.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2156  Process a9e11d4bee1e07bdc43cb6c58112842a.exe
  pid 1724  Process a9e11d4bee1e07bdc43cb6c58112842a.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2156 wrote to memory of 1724  2156  a9e11d4bee1e07bdc43cb6c58112842a.exe  28
  PID 2156 wrote to memory of 1724  2156  a9e11d4bee1e07bdc43cb6c58112842a.exe  28
  PID 2156 wrote to memory of 1724  2156  a9e11d4bee1e07bdc43cb6c58112842a.exe  28
  PID 2156 wrote to memory of 1724  2156  a9e11d4bee1e07bdc43cb6c58112842a.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe"
   PID: 2156
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe (child of PID 2156)
      Command line: C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe
      PID: 1724
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.5MB
MD5: 1e6d914047904027a667d87570935646
SHA1: d11c9c2face2b7b52791e7ee3a9756dbb8e82a03
SHA256: 4ddfd98bfbbf61dd20c53f9be3f488abc5101bc5db8d72da839b4aeb4371be9c
SHA512: 9a8d51c2596c719d11141730c496b5b4c1f001f8a15f49d643487c03bfa0436df5cbe1062e787c9354657657104d7a6f8344188ff218d81ccea06b2636ed7b2d

Filesize: 64KB
MD5: aad3bb449519522783f0f8136a6df2ae
SHA1: 6b60551b9b6dda15c906ff383abb1ac0d9fc1ba4
SHA256: f6b467c1ec533b7effb715715f6e368a4c96334af29cd01964c2ed2c238cf9bc
SHA512: 575cbd7500f23b7ba298f66c6c6f297f407834b7131ab88969d20c5136f397a34396a29ad69768a73749d74d925d26e2f727710c58243fa6400f5648c270eb40