Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29/02/2024, 08:28
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan.Win32.Selfmod.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
HEUR-Trojan.Win32.Selfmod.exe
Resource
win10v2004-20240226-en
General
- Target: HEUR-Trojan.Win32.Selfmod.exe
- Size: 218KB
- MD5: 11bf0d021b0aac3cba376326726a1633
- SHA1: 0c8e1f392cd8bfa11e8cf354ba78cc4d27bf6e15
- SHA256: e9cc3b13dd371b062ecca23d4a78818a534fb7024e0e5af2859024a0b1f2e807
- SHA512: 334b706826f638676da887ba9cc57c302d1db6705a77993a728456231795945a0414b07554707cdd81664baaa5b35d4e095133e0ab049b6e71f6f262c741789c
- SSDEEP: 3072:m6j4LkjoaAW3YC1f1YBuPHBPB1wDKSRMHOMEcr3hZVDneCRpmiaoG9QxsM+NAFa:G2AnTU6DKMqOMdZVbXX9aLisM+Nea
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid | Process
  2924 | HEUR-Trojan.Win32.Selfmod.exe
- Executes dropped EXE (1 IoCs)
  pid | Process
  2924 | HEUR-Trojan.Win32.Selfmod.exe
- Loads dropped DLL (1 IoCs)
  pid | Process
  2296 | HEUR-Trojan.Win32.Selfmod.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  2296 | HEUR-Trojan.Win32.Selfmod.exe
- Suspicious use of UnmapMainImage (1 IoCs)
  pid | Process
  2924 | HEUR-Trojan.Win32.Selfmod.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2296 wrote to memory of 2924 | 2296 | HEUR-Trojan.Win32.Selfmod.exe | 29
  PID 2296 wrote to memory of 2924 | 2296 | HEUR-Trojan.Win32.Selfmod.exe | 29
  PID 2296 wrote to memory of 2924 | 2296 | HEUR-Trojan.Win32.Selfmod.exe | 29
  PID 2296 wrote to memory of 2924 | 2296 | HEUR-Trojan.Win32.Selfmod.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe "C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe" (PID: 2296)
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe (PID: 2924)
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 218KB
- MD5: a5be874b6b1ecb909b84aceaf0ccf588
- SHA1: 912a5fcc3d33ce6994f2199b2232a4880cf564f1
- SHA256: 67e90379bc8f38bf5d8d5c1ccbbc5a2fd2f02138a5a6da854fc8d19754df08d2
- SHA512: 9f2ca63015a10ad11348a2e94890f2ef1f9e07189fae5ef11c4efdfa22ec5fbe52ad6658bc6af7de0a23a8e3214b6ad22b52a57e68af563a7156c412e9a1bf47