Windows 7 deprecation notice: Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 120s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28/02/2024, 18:03
Behavioral task: behavioral1
- Sample: ac824d47a4d15778dd74790edb519291.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ac824d47a4d15778dd74790edb519291.exe
- Resource: win10v2004-20240226-en
General
- Target: ac824d47a4d15778dd74790edb519291.exe
- Size: 1.3MB
- MD5: ac824d47a4d15778dd74790edb519291
- SHA1: a98d534d1b43b662fd2abda00c4e7583ffebb1df
- SHA256: a8a17a5065108c7d04210fd5b6848983d38a4380e9a9da1216d5c53d2bff45fc
- SHA512: 37061d5e9a4c6e206c55fbac981cacde238e68249db56edc7d0378bb56f99a4b3c63ff7eab697ff5be6238b7a2f74156dc91fafb1e4de856317b311c583d48c7
- SSDEEP: 24576:TTTV6bRa7ACGDHpepiMLGN4o0nMyB/lTUEPIW2KujNFjRekvG:TTTwRq4WPuQMyBmaEKujXj
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2112, process ac824d47a4d15778dd74790edb519291.exe
- Executes dropped EXE (1 IoCs)
  pid 2112, process ac824d47a4d15778dd74790edb519291.exe
- Loads dropped DLL (1 IoCs)
  pid 1424, process ac824d47a4d15778dd74790edb519291.exe
- yara_rule upx matched on the following resources:
  behavioral1/memory/1424-0-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral1/files/0x0009000000012251-11.dat
  behavioral1/files/0x0009000000012251-13.dat
  behavioral1/memory/1424-16-0x00000000034F0000-0x000000000395A000-memory.dmp
  behavioral1/memory/2112-17-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral1/files/0x0009000000012251-15.dat
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 1424, process ac824d47a4d15778dd74790edb519291.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1424, process ac824d47a4d15778dd74790edb519291.exe
  pid 2112, process ac824d47a4d15778dd74790edb519291.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1424 wrote to memory of 2112 | 1424 | ac824d47a4d15778dd74790edb519291.exe | 28
  PID 1424 wrote to memory of 2112 | 1424 | ac824d47a4d15778dd74790edb519291.exe | 28
  PID 1424 wrote to memory of 2112 | 1424 | ac824d47a4d15778dd74790edb519291.exe | 28
  PID 1424 wrote to memory of 2112 | 1424 | ac824d47a4d15778dd74790edb519291.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe (process tree depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe"
  PID: 1424
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe (process tree depth 2)
    command line: C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe
    PID: 2112
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads