Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 28/02/2024, 03:11
Static task: static1
Behavioral task: behavioral1
  Sample: aadaa40df816039f1005afe38d290725.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: aadaa40df816039f1005afe38d290725.exe
  Resource: win10v2004-20240226-en
General
Target: aadaa40df816039f1005afe38d290725.exe
Size: 82KB
MD5: aadaa40df816039f1005afe38d290725
SHA1: acf9da779bf66bb45ec8e47b14f6cf03a3b8e10b
SHA256: c4174a06279b6e05cbb93b63bc8fb3447f7d5ca9c91461de64105e84c1fcd33c
SHA512: 855fd981b8c12d2a88a266a2996a500fc80fdca4e29e7ae506c763b0baf964ce443a1b799619592ff8aed9001a95ef2453cbaf73be4ed4b8cc763dc268a8d20c
SSDEEP: 1536:4piy6Iy2L5ZZfG/qgUcYmhdzuXDrBkIyeZ9GIfPGWFBNO/NqKSkBTzJsDUXYf2l:4piyh5Zc/F0mhdzu2ezlPRTg/NJzBTzN
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 2616  aadaa40df816039f1005afe38d290725.exe
Executes dropped EXE (1 IoC)
  pid 2616  aadaa40df816039f1005afe38d290725.exe
Loads dropped DLL (1 IoC)
  pid 2764  aadaa40df816039f1005afe38d290725.exe
Suspicious behavior: RenamesItself (1 IoC)
  pid 2764  aadaa40df816039f1005afe38d290725.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2764  aadaa40df816039f1005afe38d290725.exe
  pid 2616  aadaa40df816039f1005afe38d290725.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                      | pid  | process                               | procid_target
  PID 2764 wrote to memory of 2616 | 2764 | aadaa40df816039f1005afe38d290725.exe  | 29
  PID 2764 wrote to memory of 2616 | 2764 | aadaa40df816039f1005afe38d290725.exe  | 29
  PID 2764 wrote to memory of 2616 | 2764 | aadaa40df816039f1005afe38d290725.exe  | 29
  PID 2764 wrote to memory of 2616 | 2764 | aadaa40df816039f1005afe38d290725.exe  | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe"
   PID: 2764
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe (child of PID 2764)
      Command line: C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe
      PID: 2616
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
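Reading the Signatures and Processes sections together: the first instance (PID 2764) renames itself, unmaps its own main image, spawns a second instance from the same path (PID 2616) and writes into it four times; the child then unmaps its main image, deletes the on-disk original and executes a dropped EXE. The report does not name a technique, but this parent-writes-into-same-image-child sequence is what a process-hollowing or self-injection detection keys on. The script below is an added example, not code from tria.ge or from the sample's report: it rebuilds the events above as a hand-constructed list (the field names kind, pid, ppid, image and target are an assumed schema, not tria.ge's export format), recovers the process tree and scores the write pattern.

```python
"""Flag the same-image child injection recorded in this report.

Added example, not tria.ge code. EVENTS is constructed by hand from the
Signatures and Processes sections; its field names (kind, pid, ppid,
image, target) are an assumed schema, not tria.ge's export format.
"""
from collections import defaultdict
from dataclasses import dataclass

IMAGE = r"C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe"

# Constructed from the report: 2764 renames and unmaps itself, spawns 2616
# from the same path and writes into it four times; 2616 unmaps its main
# image, deletes itself and executes a dropped EXE.
EVENTS = [
    {"kind": "process_start", "pid": 2764, "ppid": None, "image": IMAGE},
    {"kind": "renames_itself", "pid": 2764},
    {"kind": "unmap_main_image", "pid": 2764},
    {"kind": "process_start", "pid": 2616, "ppid": 2764, "image": IMAGE},
    {"kind": "write_process_memory", "pid": 2764, "target": 2616},
    {"kind": "write_process_memory", "pid": 2764, "target": 2616},
    {"kind": "write_process_memory", "pid": 2764, "target": 2616},
    {"kind": "write_process_memory", "pid": 2764, "target": 2616},
    {"kind": "unmap_main_image", "pid": 2616},
    {"kind": "deletes_itself", "pid": 2616},
    {"kind": "executes_dropped_exe", "pid": 2616},
]


@dataclass
class Finding:
    parent: int
    child: int
    image: str
    writes: int
    child_unmapped: bool
    child_deleted_self: bool

    @property
    def severity(self) -> str:
        # A parent writing into a freshly spawned copy of itself is already
        # worth a look; the child unmapping its main image points at
        # hollowing, and self-deletion afterwards removes the original file.
        score = 1 + int(self.child_unmapped) + int(self.child_deleted_self)
        return {1: "low", 2: "medium", 3: "high"}[score]


def process_tree(events):
    """Parent pid -> list of child pids, from process_start events."""
    tree = defaultdict(list)
    for e in events:
        if e["kind"] == "process_start" and e["ppid"] is not None:
            tree[e["ppid"]].append(e["pid"])
    return dict(tree)


def find_self_injection(events):
    """One Finding per (parent, child) pair where the parent wrote into a
    child it spawned from the same image path."""
    procs = {e["pid"]: e for e in events if e["kind"] == "process_start"}
    writes = defaultdict(int)
    unmapped, deleted = set(), set()
    for e in events:
        if e["kind"] == "write_process_memory":
            writes[(e["pid"], e["target"])] += 1
        elif e["kind"] == "unmap_main_image":
            unmapped.add(e["pid"])
        elif e["kind"] == "deletes_itself":
            deleted.add(e["pid"])

    findings = []
    for (src, dst), count in sorted(writes.items()):
        s, d = procs.get(src), procs.get(dst)
        if s is None or d is None:
            continue  # write involving a process with no start event
        if d["ppid"] != src:
            continue  # only parent -> child writes are scored here
        if s["image"].lower() != d["image"].lower():
            continue  # different image: not the same-image respawn pattern
        findings.append(Finding(src, dst, s["image"], count,
                                dst in unmapped, dst in deleted))
    return findings


if __name__ == "__main__":
    for f in find_self_injection(EVENTS):
        print(f"{f.severity.upper()}: {f.parent} -> {f.child} ({f.writes} writes,"
              f" unmapped={f.child_unmapped}, self-deleted={f.child_deleted_self})")
        # -> HIGH: 2764 -> 2616 (4 writes, unmapped=True, self-deleted=True)
```

The same-image and parent-child filters are deliberate: a write into an unrelated process or into a child with a different image is a different pattern (classic injection into a host process) and would need its own scoring, and a write with no matching process_start usually means the trace started late rather than that nothing happened.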
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: db599cbd3e14ebafeebf54ba9986c505
SHA1: 7aacc626a3a42c7e5b045a3dfb67adc4c70dab70
SHA256: 0002ca982c0507a8f5e27b0871b670f5c1cabd9334563f23741de8d5ebd35006
SHA512: 9318f6b93f139efbd82057cc9e32ead8bd50b5ffad25f10c8d3f37e204b9e6acc70c802198745f3a383106f7ec84c575d714b4f4ac0bad7496d903f82f65d1ca