Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 04/03/2024, 14:16
Static task: static1
Behavioral task: behavioral1
- Sample: b25672510d00721c43a202fe2a296100.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b25672510d00721c43a202fe2a296100.exe
- Resource: win10v2004-20240226-en
General
- Target: b25672510d00721c43a202fe2a296100.exe
- Size: 34KB
- MD5: b25672510d00721c43a202fe2a296100
- SHA1: a3d98bbc1588e035c025484ab430d11196b43c8b
- SHA256: 36e18f8741f4044d0306d57437dbc377c0bb7ded63bc7039817d6048de460b35
- SHA512: 9c751930003dec9daef8101d8b8e7d4e00ab8f6699ef138ef2a882d49f9f04ade6cbb47a53b6c28857dc345ea2119614494f1d23af2110174bc9c51ca3e0e4a4
- SSDEEP: 768:yJnBXxQ6WXewXYqYGYoOd1GSN+cotyoPqvj9Sn+c8lZS:6xQ6RfbGSocToPqZS7h
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  pid: 1660
  Process: b25672510d00721c43a202fe2a296100.exe
- Adds Run key to start application (2 TTPs, 1 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Windows\CurrentVersion\Run\b25672510d00721c43a202fe2a296100 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b25672510d00721c43a202fe2a296100.exe"
  Process: b25672510d00721c43a202fe2a296100.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Columns: description; pid; Process; procid_target
  PID 1660 wrote to memory of 1940; 1660; b25672510d00721c43a202fe2a296100.exe; 28
  PID 1660 wrote to memory of 1940; 1660; b25672510d00721c43a202fe2a296100.exe; 28
  PID 1660 wrote to memory of 1940; 1660; b25672510d00721c43a202fe2a296100.exe; 28
  PID 1660 wrote to memory of 1940; 1660; b25672510d00721c43a202fe2a296100.exe; 28
Processes
- C:\Users\Admin\AppData\Local\Temp\b25672510d00721c43a202fe2a296100.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b25672510d00721c43a202fe2a296100.exe"
  PID: 1660
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
    PID: 1940
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 8KB
- MD5: e9837ceed39ecb8a686f996b8f766fad
- SHA1: 937a91b1965241fdb147eafcc42d1d310125a43f
- SHA256: 40c16bb7b99ff49f157e6dab18cc024c799f35140388760bd2bf03f87f0b2810
- SHA512: 86263d53e644b8ccb64844e33fd9aed62b948918fb4d838918e5c6f8bdec5c673ffc9e05d57b8d2565410a0116be1aeac43b1ceb1b5c945635814ebfed644164