Analysis
Max time kernel: 117s
Max time network: 126s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 08/03/2024, 16:19
Behavioral task: behavioral1
Sample: bbb4599beedabf0c14b01f19fe14c057.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: bbb4599beedabf0c14b01f19fe14c057.exe
Resource: win10v2004-20240226-en
General
Target: bbb4599beedabf0c14b01f19fe14c057.exe
Size: 2.4MB
MD5: bbb4599beedabf0c14b01f19fe14c057
SHA1: 538718f6451e64b369b526c082d78c7455996813
SHA256: ce3cbe036bb53dfb26eb997a791fb27459d3b1aaca76849d7b611e2d9a145a52
SHA512: ccd54a45534ebd4d4cac475d0a4a97dbce169926afa6527b0d1c27b8e4c480f8b5ba9f1e3e4546e9c851874abee8f0fb5fbfa17c7dc8038f13594c325d8ce133
SSDEEP: 49152:RkeLqVZnqmd5+9I8vOUOD+ixzqX9mQNP4M338dB2IBlGuuDVUsdxxjr:HL8bd5+9I8vDOD+dgg3gnl/IVUs1jr
Malware Config
Signatures

Deletes itself (1 IoC)
  PID 2360  bbb4599beedabf0c14b01f19fe14c057.exe

Executes dropped EXE (1 IoC)
  PID 2360  bbb4599beedabf0c14b01f19fe14c057.exe

Loads dropped DLL (1 IoC)
  PID 1704  bbb4599beedabf0c14b01f19fe14c057.exe

UPX packed file (YARA rule: upx)
  behavioral1/memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000b000000012257-13.dat
  behavioral1/files/0x000b000000012257-10.dat

Suspicious behavior: RenamesItself (1 IoC)
  PID 1704  bbb4599beedabf0c14b01f19fe14c057.exe

Suspicious use of UnmapMainImage (2 IoCs)
  PID 1704  bbb4599beedabf0c14b01f19fe14c057.exe
  PID 2360  bbb4599beedabf0c14b01f19fe14c057.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1704 wrote to memory of 2360  bbb4599beedabf0c14b01f19fe14c057.exe  (target procid 28)
  PID 1704 wrote to memory of 2360  bbb4599beedabf0c14b01f19fe14c057.exe  (target procid 28)
  PID 1704 wrote to memory of 2360  bbb4599beedabf0c14b01f19fe14c057.exe  (target procid 28)
  PID 1704 wrote to memory of 2360  bbb4599beedabf0c14b01f19fe14c057.exe  (target procid 28)
Processes

1. C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe"
   PID: 1704
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe (child of PID 1704)
      Command line: C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
      PID: 2360
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.4MB
MD5: bb12bde4180e6fedc16c69eb149f2b0c
SHA1: a3c6422f627eb0bc52c049d299708e10132f1298
SHA256: 337f1095b5db7c426759ebb0e37c6e9848642dde1dab084b02fbe7f2656cb805
SHA512: 9e247cebe0a1bef40a661aaea5aa9c1590a5d13acf39766e999e8671532270294a11f54aef3aa66507ca29fdd9f8f78373345450c667a1c33049cdf9c77a48ab