Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/03/2024, 05:57
Behavioral task: behavioral1
Sample: baaff9ad41f17f00b577a41281fe71e1.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: baaff9ad41f17f00b577a41281fe71e1.exe
Resource: win10v2004-20240226-en
General
Target: baaff9ad41f17f00b577a41281fe71e1.exe
Size: 2.9MB
MD5: baaff9ad41f17f00b577a41281fe71e1
SHA1: d32348dd24887bea85ad3c344699740ef685d886
SHA256: a77f42dfa14c72c7981820ced72aff9d28972e88b3f62dbc2b6e914187ce4a2d
SHA512: 2a80e00927480e950212d41e4565afaef1366e58f01211750ace88893f55f8796c7e1432e9595879fed58d13debf6e366fe3083389b311ce00de96c141b15a84
SSDEEP: 49152:1WU/cTgeQtQgUqEHX9wTNXqBUZ9zH0L02AKUXjDb/kqgn8EMOGj:Eqc0eQjUX9q5qGZ9zU4Trz8R8us
Malware Config
Signatures
-
Deletes itself (1 IoC)
  pid 2484  Process baaff9ad41f17f00b577a41281fe71e1.exe
-
Executes dropped EXE (1 IoC)
  pid 2484  Process baaff9ad41f17f00b577a41281fe71e1.exe
-
Loads dropped DLL (1 IoC)
  pid 2340  Process baaff9ad41f17f00b577a41281fe71e1.exe
-
  resource                                                                    yara_rule
  behavioral1/memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000c000000012339-15.dat                                 upx
  behavioral1/memory/2484-16-0x0000000000400000-0x00000000008EF000-memory.dmp upx
  behavioral1/files/0x000c000000012339-10.dat                                 upx
-
Suspicious behavior: RenamesItself (1 IoC)
  pid 2340  Process baaff9ad41f17f00b577a41281fe71e1.exe
-
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2340  Process baaff9ad41f17f00b577a41281fe71e1.exe
  pid 2484  Process baaff9ad41f17f00b577a41281fe71e1.exe
-
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2340 wrote to memory of 2484  2340  baaff9ad41f17f00b577a41281fe71e1.exe  28
  PID 2340 wrote to memory of 2484  2340  baaff9ad41f17f00b577a41281fe71e1.exe  28
  PID 2340 wrote to memory of 2484  2340  baaff9ad41f17f00b577a41281fe71e1.exe  28
  PID 2340 wrote to memory of 2484  2340  baaff9ad41f17f00b577a41281fe71e1.exe  28
Processes
-
C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe"
  PID: 2340
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Child process:
  C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe
    PID: 2484
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 2.8MB
MD5: e850ad991c0a0993082b14c4d06776b5
SHA1: 8be388f5dea3476d5af5c2fca2bc3c088cf4a50f
SHA256: 1a985bccf0a09362b0454c3bbece6bcd29722fc70ff354d017e03778db8a4ac4
SHA512: fc93db898110e379d2947f01701ce62b4277bcb15ff33131ab130df9ddfb4dcf17845e755cfc21d677f0be25493d65b3b19665cdeb91c1b2332077cdac034db9
-
Filesize: 2.9MB
MD5: e148795372c12a5106f856ae6f4f8ba5
SHA1: 242c2b3a7a5ab088b694256fc76b42e1af02a6f6
SHA256: 73b5a26c6440b19c9d8a4fe780bd50a989742ad3e413cbbb6c1a806d7e4203df
SHA512: b4f6c3fcfa413b5443f0e8fec9a1693d71ed736e816c8b9fb0b4573a2092216f6120909e94935a8693686497490f1f30b8456de9f1fe11f0d94346767b0e7e51