Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29/02/2024, 07:15
Behavioral tasks
- behavioral1: sample adfdba51de0fc3818e573713538a1cdc.exe, resource win7-20240221-en
- behavioral2: sample adfdba51de0fc3818e573713538a1cdc.exe, resource win10v2004-20240226-en
General
- Target: adfdba51de0fc3818e573713538a1cdc.exe
- Size: 2.7MB
- MD5: adfdba51de0fc3818e573713538a1cdc
- SHA1: a58eff882ff7078dde38743e73fae99aa24eb01a
- SHA256: f766da895695a554d99745d7f55e37d3eb427bffbbcb4f6d37ca0306cc197844
- SHA512: 342fe8c11e562ad0237c3dec5b057bf83c340e3a963378fd649f30c83f776ad9771814d5a6f1f5ff441f9f308962e256b0cc638421b3fe904931f9983c478c6c
- SSDEEP: 49152:85Lji1oickcGvPVTTWMW6HgHA7IxPn6R9fHn5kgQBHaFIQGyeUaLw0yYLKvR9j:85LjGot6BTyKMJQHfnCQ7Gy70z+vHj
Malware Config
Signatures
- Deletes itself (1 IoC)
  - PID 2880, adfdba51de0fc3818e573713538a1cdc.exe
- Executes dropped EXE (1 IoC)
  - PID 2880, adfdba51de0fc3818e573713538a1cdc.exe
- Loads dropped DLL (1 IoC)
  - PID 2752, adfdba51de0fc3818e573713538a1cdc.exe
- UPX packed file (YARA rule: upx)
  - behavioral1/memory/2752-1-0x0000000000400000-0x00000000008E7000-memory.dmp
  - behavioral1/files/0x000a0000000122b8-12.dat
  - behavioral1/files/0x000a0000000122b8-15.dat
  - behavioral1/files/0x000a0000000122b8-10.dat
- Suspicious behavior: RenamesItself (1 IoC)
  - PID 2752, adfdba51de0fc3818e573713538a1cdc.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  - PID 2752, adfdba51de0fc3818e573713538a1cdc.exe
  - PID 2880, adfdba51de0fc3818e573713538a1cdc.exe
- Suspicious use of WriteProcessMemory (4 IoCs, all the same parent/child pair)
  - PID 2752 (adfdba51de0fc3818e573713538a1cdc.exe) wrote to memory of PID 2880, procid_target 28 (recorded 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe (PID 2752)
  command line: "C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe (PID 2880, child of 2752)
    command line: C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
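The process tree and signatures above describe one pattern: 2752 renames itself, a second copy of the same image starts as 2880, 2752 writes into 2880's memory four times, both instances unmap their main image, and 2880 deletes the on-disk sample. Spawning a copy of your own image is common and benign (updaters, browsers); writing into that copy's memory is the part worth alerting on. The script below is an added example, not tria.ge code or any of its export formats: it runs that rule over a constructed event list whose pids and image path are taken from the report, with an invented benign updater pair for contrast. The event field names are an assumption for illustration.

```python
"""Detect the self-injection and self-deletion pattern from the report's process tree.

Added example; the event schema is assumed (not tria.ge's export format).
"""
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe"

# Constructed events modelled on the report: pids 2752/2880 and the sample path
# come from the process tree; the updater pair (3000/3010) is invented as a benign
# self-relaunch that must NOT be flagged.
EVENTS = [
    {"event": "process_start", "pid": 2752, "ppid": 1600, "image": SAMPLE},
    {"event": "unmap_main_image", "pid": 2752},
    {"event": "process_start", "pid": 2880, "ppid": 2752, "image": SAMPLE},
    {"event": "write_process_memory", "pid": 2752, "target_pid": 2880},
    {"event": "write_process_memory", "pid": 2752, "target_pid": 2880},
    {"event": "write_process_memory", "pid": 2752, "target_pid": 2880},
    {"event": "write_process_memory", "pid": 2752, "target_pid": 2880},
    {"event": "unmap_main_image", "pid": 2880},
    {"event": "file_delete", "pid": 2880, "path": SAMPLE},
    {"event": "process_start", "pid": 3000, "ppid": 1600,
     "image": r"C:\Program Files\Updater\updater.exe"},
    {"event": "process_start", "pid": 3010, "ppid": 3000,
     "image": r"C:\Program Files\Updater\updater.exe"},
]


def index_events(events):
    """Single pass over the events; returns the per-pid state the rules below need."""
    procs, writes, unmapped, deleted = {}, defaultdict(int), set(), defaultdict(set)
    for e in events:
        kind = e["event"]
        if kind == "process_start":
            procs[e["pid"]] = e
        elif kind == "write_process_memory":
            writes[(e["pid"], e["target_pid"])] += 1
        elif kind == "unmap_main_image":
            unmapped.add(e["pid"])
        elif kind == "file_delete":
            deleted[e["pid"]].add(e["path"].lower())
    return procs, writes, unmapped, deleted


def find_self_injection(events):
    """A parent writing into a child that runs the parent's own image.

    One finding per (parent, child) pair. The write count and the UnmapMainImage
    flags are carried along as supporting evidence rather than used as gates, so a
    single write into a same-image child still surfaces.
    """
    procs, writes, unmapped, _ = index_events(events)
    findings = []
    for (src, dst), count in sorted(writes.items()):
        parent, child = procs.get(src), procs.get(dst)
        if parent is None or child is None:
            continue  # unknown pid: cannot compare images, skip rather than guess
        if child["ppid"] != src or child["image"].lower() != parent["image"].lower():
            continue  # a write into an unrelated process belongs to a different rule
        findings.append({
            "parent": src,
            "child": dst,
            "writes": count,
            "image": parent["image"],
            "parent_unmapped_main_image": src in unmapped,
            "child_unmapped_main_image": dst in unmapped,
        })
    return findings


def find_self_deletion(events):
    """Pids that deleted the file they are running from (the report's "Deletes itself")."""
    procs, _, _, deleted = index_events(events)
    return sorted(pid for pid, paths in deleted.items()
                  if pid in procs and procs[pid]["image"].lower() in paths)


if __name__ == "__main__":
    for f in find_self_injection(EVENTS):
        print(f"self-injection: {f['parent']} -> {f['child']} ({f['writes']} writes, "
              f"child unmapped main image: {f['child_unmapped_main_image']})")
    print("self-deletion:", find_self_deletion(EVENTS))
```

The updater pair is deliberately not flagged: the same-image parent/child relationship is only a qualifier, and the alert fires on the cross-process write. In real telemetry the write count and the unmap flags are what you would use to rank findings, since a single small write (for example, an injected environment block) is far noisier than four writes into a child that has also unmapped its own image.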
Network
MITRE ATT&CK Matrix
Downloads
- File 1
  - Filesize: 832KB
  - MD5: 7f1cb3a3b853d0f9d72235e6950bc81c
  - SHA1: cc479eccdc0cfb3ceb5c779286db520e53234096
  - SHA256: f40593112167e2a1a2b565009f89ac2c9827125ca60ffdca9ee55258e1941f61
  - SHA512: 83b3dc5323e94fcdd7c726662f2e68d680f7e1ef21bda6565ae3f2266c1c900583d3674dcddf6ac04e1407196e944838598ac52b1200d15cc1a38375e17b6ff5
- File 2
  - Filesize: 1024KB
  - MD5: 51436c2c843ec7951761a795b2eee24a
  - SHA1: a87de43c631d36039a56294e96044bf88353ccd2
  - SHA256: fbf3484132d1b0b426e2d1476a12a2289da88ccc709385b6b2b5b082f7ea6d1a
  - SHA512: 599450e9c820c6ff10d4c7a05d99178f8e4a419ff13fac03dbdd8381bd6fc5aa44c7428afba39c00b205a2564c96f036f95a557c6442a67d17784c23bfca6656
- File 3
  - Filesize: 960KB
  - MD5: 2efe1b4d115269309d2dfaf7b2ef439f
  - SHA1: 9e915c7070a472eb33c266abaa5c7fc05cbe64f7
  - SHA256: 84d97cb1bed63b9a0d3ee3a276aaa45bad38b4c45234b9dadcdfde767422af8e
  - SHA512: 014481232408298b6caeef115bb1e86b346f1d14c08b633cb25d3c50967991a3c981f71057bf171a730da6f246355a070f82f8e976bf7564ed2bbe0c90d9b16f