Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
07/03/2024, 14:28
General
-
Target
b8f476ee71f8d88a09d905af072da5d7.exe
-
Size
744KB
-
MD5
b8f476ee71f8d88a09d905af072da5d7
-
SHA1
b7dbdf72b10a82ae81bdb3995ac01adb92f0489b
-
SHA256
ebf18604f74166bf0573a87aed5db30863a3689a06ec95bbe523ac7d4c768e71
-
SHA512
1fe5f5c046d33e95328de276a76662487e88d94f2774d3316f9c5fad80344ee8e4bf175eab935f9cc6f74658111d06c56603e91f97bddc058c6e6d9b7cdb23be
-
SSDEEP
12288:uaHc64b888888888888W88888888888KjscV7TdjL47zdU5im/XPTI33rD+zG/ov:F86DIW7uvmQ0XLWezG/aYFkJR30F6rpb
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8f476ee71f8d88a09d905af072da5d7.exe"C:\Users\Admin\AppData\Local\Temp\b8f476ee71f8d88a09d905af072da5d7.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-7O1E0.tmp\b8f476ee71f8d88a09d905af072da5d7.tmp"C:\Users\Admin\AppData\Local\Temp\is-7O1E0.tmp\b8f476ee71f8d88a09d905af072da5d7.tmp" /SL5="$8001C,372121,121344,C:\Users\Admin\AppData\Local\Temp\b8f476ee71f8d88a09d905af072da5d7.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD534acc2bdb45a9c436181426828c4cb49
SHA15adaa1ac822e6128b8d4b59a54d19901880452ae
SHA2569c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
4KB