Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 09/03/2024, 14:21
Static task: static1
Behavioral task: behavioral1
  Sample: bc06b185b2ebe77da0eceefabb34e406.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: bc06b185b2ebe77da0eceefabb34e406.exe
  Resource: win10v2004-20240226-en
General
Target: bc06b185b2ebe77da0eceefabb34e406.exe
Size: 1.6MB
Signatures
- Deletes itself (1 IoCs)
  pid 2540, Process bc06b185b2ebe77da0eceefabb34e406.exe
- Executes dropped EXE (1 IoCs)
  pid 2540, Process bc06b185b2ebe77da0eceefabb34e406.exe
- Loads dropped DLL (1 IoCs)
  pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe
  pid 2540, Process bc06b185b2ebe77da0eceefabb34e406.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2292 wrote to memory of 2540; pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe, procid_target 28
  description: PID 2292 wrote to memory of 2540; pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe, procid_target 28
  description: PID 2292 wrote to memory of 2540; pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe, procid_target 28
  description: PID 2292 wrote to memory of 2540; pid 2292, Process bc06b185b2ebe77da0eceefabb34e406.exe, procid_target 28
Processes
C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe"
  PID: 2292
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
    PID: 2540
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Downloads
Filesize: 802KB
Filesize: 1.6MB