Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
07/03/2024, 12:16
Static task
static1
Behavioral task
behavioral1
Sample
b8b62dc902e8b2ed17b2145592064d60.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
b8b62dc902e8b2ed17b2145592064d60.exe
Resource
win10v2004-20240226-en
General
-
Target
b8b62dc902e8b2ed17b2145592064d60.exe
-
Size
1.0MB
-
MD5
b8b62dc902e8b2ed17b2145592064d60
-
SHA1
39e7194f1fd9e6cb2539345d5981bcb1ec55c5b4
-
SHA256
45b63e1696286da25adc59a253be185d086cde2d9ec17c9fccee83ae400de55a
-
SHA512
e06d9b2f449cc418cf5aa01975322c2025b474550faee478387b95b3dfc4124e800f689a9839dc0af3af7b85c19c3157eb2c4fb81930ed0fefbdf33fb5b17caf
-
SSDEEP
24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKBQXe:7z6qaakjC+3srLAKB61bQd3KaXe
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2052 hbxkuodje.exe -
Loads dropped DLL 1 IoCs
pid Process 2072 b8b62dc902e8b2ed17b2145592064d60.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\rkawq\hbxkuodje.exe b8b62dc902e8b2ed17b2145592064d60.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2072 wrote to memory of 2052 2072 b8b62dc902e8b2ed17b2145592064d60.exe 28
PID 2072 wrote to memory of 2052 2072 b8b62dc902e8b2ed17b2145592064d60.exe 28
PID 2072 wrote to memory of 2052 2072 b8b62dc902e8b2ed17b2145592064d60.exe 28
PID 2072 wrote to memory of 2052 2072 b8b62dc902e8b2ed17b2145592064d60.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8b62dc902e8b2ed17b2145592064d60.exe "C:\Users\Admin\AppData\Local\Temp\b8b62dc902e8b2ed17b2145592064d60.exe" 1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2072 -
C:\Program Files (x86)\rkawq\hbxkuodje.exe "C:\Program Files (x86)\rkawq\hbxkuodje.exe" 2⤵
- Executes dropped EXE
PID:2052
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.0MB
MD5 4ab4dd9f716198c52585eb1775a55bad
SHA1 c213522c7c210f4bc75dfbd8296c3453bf48360c
SHA256 c8ef465e709cec9e2aec12a541248fe1c763c1018dca70ee438d82f48ebaa006
SHA512 a5ef9cb69ee91e0d2cf4465577c465dbcf7b18c88aa43d31c2bb70b1794d00381b472c2ea83af258d025b78773fc30c2551c9b77804174b3e2200ff9fa4cadcd