Analysis
- max time kernel: 120s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28/02/2024, 07:26
Behavioral task behavioral1
- Sample: ab55f078971650e6d7eeae8f289f1f2e.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: ab55f078971650e6d7eeae8f289f1f2e.exe
- Resource: win10v2004-20240226-en
General
- Target: ab55f078971650e6d7eeae8f289f1f2e.exe
- Size: 1.3MB
- MD5: ab55f078971650e6d7eeae8f289f1f2e
- SHA1: 0b8ebb80dfd9b924b19f35bc061ccdf7a0277768
- SHA256: b318542c76b50712f2e1b4aed9bb43bba8e91b92fdf74a2cb49d17d83c445a21
- SHA512: 571db742be8eec50be7a5d86c288bd82cd532fa7aa5d99512b7dd74769bed30f434fdf8698248f278102cb4e2d6a12641f83e70d4acbd5bbe8c6c90b142cad36
- SSDEEP: 24576:LK/W0H+AUjWqPa6SPlA3vYsomPrT1Y71pJr8Bdj83vG:LK/W0lJEw4Txuvx8Bdw
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2112, Process ab55f078971650e6d7eeae8f289f1f2e.exe
- Executes dropped EXE (1 IoC)
  pid 2112, Process ab55f078971650e6d7eeae8f289f1f2e.exe
- Loads dropped DLL (1 IoC)
  pid 1424, Process ab55f078971650e6d7eeae8f289f1f2e.exe
- UPX-packed (yara_rule upx) (3 IoCs)
  resource behavioral1/memory/1424-0-0x0000000000400000-0x000000000086A000-memory.dmp, yara_rule upx
  resource behavioral1/files/0x0009000000012251-11.dat, yara_rule upx
  resource behavioral1/files/0x0009000000012251-14.dat, yara_rule upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1424, Process ab55f078971650e6d7eeae8f289f1f2e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1424, Process ab55f078971650e6d7eeae8f289f1f2e.exe
  pid 2112, Process ab55f078971650e6d7eeae8f289f1f2e.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description "PID 1424 wrote to memory of 2112", pid 1424, Process ab55f078971650e6d7eeae8f289f1f2e.exe, procid_target 28 (recorded four times)
Processes
- C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe (level 1, PID 1424)
  command line: "C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe (level 2, PID 2112, child of 1424)
    command line: C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
-
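The signature tables above are per-PID, so the analyst still has to join them: PID 1424 unmaps its own main image, renames itself and writes four times into PID 2112, which runs the same image path and later deletes itself. That combination is the usual footprint of self-injection or process hollowing, although the report itself only lists the individual API hits. The script below is an added example (not tria.ge code and not part of the report) that encodes that join as a scoring rule; the event tuples are transcribed from the Signatures section, the `BENIGN_EVENTS` control case is constructed, and the scoring thresholds are an analyst heuristic rather than a tria.ge signature.

```python
"""Correlate per-PID sandbox signature hits into a single injection indicator.

Added example; the EVENTS list is transcribed from the report's Signatures
section (PIDs 1424 and 2112), BENIGN_EVENTS is a constructed control case, and
the scoring is a heuristic of this script, not a tria.ge signature.
"""
from collections import defaultdict

SAMPLE = "ab55f078971650e6d7eeae8f289f1f2e.exe"

UNMAP = "Suspicious use of UnmapMainImage"
WRITE = "Suspicious use of WriteProcessMemory"
RENAME = "Suspicious behavior: RenamesItself"
DELETE = "Deletes itself"

# (signature, pid, image, target_pid or None), transcribed from the report.
EVENTS = [
    ("Loads dropped DLL", 1424, SAMPLE, None),
    (RENAME, 1424, SAMPLE, None),
    (UNMAP, 1424, SAMPLE, None),
    ("Executes dropped EXE", 2112, SAMPLE, None),
    (DELETE, 2112, SAMPLE, None),
    (UNMAP, 2112, SAMPLE, None),
] + [(WRITE, 1424, SAMPLE, 2112)] * 4

# Constructed (hypothetical) control case: a debugger-like parent writing into a
# child that runs a different image, with none of the corroborating hits.
BENIGN_EVENTS = [
    (WRITE, 500, "dbg.exe", 600),
    ("Loads dropped DLL", 600, "target.exe", None),
]


def index_events(events):
    """Split events into per-PID signature sets, cross-process write counts and image names."""
    sigs = defaultdict(set)
    writes = defaultdict(lambda: defaultdict(int))  # writer pid -> target pid -> count
    images = {}
    for sig, pid, image, target in events:
        images[pid] = image
        if target is None:
            sigs[pid].add(sig)
        else:
            writes[pid][target] += 1
    return sigs, writes, images


def hollowing_candidates(events, min_score=2):
    """Return (writer, target) pairs that look like self-injection or hollowing.

    Every pair starts from a WriteProcessMemory edge; one point is added per
    corroborating observation. Pairs scoring below min_score are dropped, so a
    lone cross-process write (debuggers, installers) is not reported on its own.
    """
    sigs, writes, images = index_events(events)
    found = []
    for writer, targets in writes.items():
        for target, count in targets.items():
            reasons = []
            if images.get(writer) == images.get(target):
                reasons.append("target runs the same image as the writer")
            if UNMAP in sigs[writer] or UNMAP in sigs[target]:
                reasons.append("main image unmapped in writer or target")
            if RENAME in sigs[writer] or DELETE in sigs[target]:
                reasons.append("writer renamed itself or target deletes itself")
            score = len(reasons)
            if score >= min_score:
                found.append({
                    "writer": writer, "target": target,
                    "write_events": count, "score": score, "reasons": reasons,
                })
    return sorted(found, key=lambda f: (-f["score"], f["writer"]))


if __name__ == "__main__":
    for hit in hollowing_candidates(EVENTS):
        print(f"PID {hit['writer']} -> PID {hit['target']}: "
              f"{hit['write_events']} write(s), score {hit['score']}")
        for reason in hit["reasons"]:
            print("  -", reason)
```

Run stand-alone it reports the single 1424 -> 2112 edge with all three corroborating reasons; the constructed control case scores zero and is not reported. The UPX matches are deliberately left out of the score: packing is common in both malware and legitimate software, and the memory dump at 0x400000 in the report is better used to pull the unpacked image than as evidence on its own.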
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 320KB
  MD5: ddda0e4ad5159bffe94916ffd8eb324d
  SHA1: 898fb8050facf8da2be3e2749bdfce14a100a6d2
  SHA256: 288b513f4a8de662ee69a96c54a22c0f7c15fe1fdc432170e7ae6f629f8b2f22
  SHA512: d04a8b29605629dae47ca6e4e8063bb72217f700830c84738df498f256f0c4d89373c38c779690ad43195b367d06ca318f81bb6fba5d2d1cb84f014f202f545e
- Filesize: 1.3MB
  MD5: eb1e5ed9b826b3a5f5d49a6b9ed42a0b
  SHA1: 18664398d84eb237a4bcca454875ca3dc0dab7da
  SHA256: 825960b0bb50625eda807adff2d76e8b48db3a899aef9797b8044f1cfa50a736
  SHA512: 8e3582a4d8a46fd8959e4d08b1ba0d875d81f087f7323383c8d9b4ced4f908ff59a847579f4604d12edb1f8926f7dfe9608c5bc99aaa9353573050a9c51a6312