Analysis
max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
10/03/2024, 01:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bd524cae7aa56941e2283ff82346e2f5.exe
Resource
win7-20240221-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
bd524cae7aa56941e2283ff82346e2f5.exe
Resource
win10v2004-20240226-en
4 signatures
150 seconds
General
Target
bd524cae7aa56941e2283ff82346e2f5.exe
Size
1.6MB
MD5
bd524cae7aa56941e2283ff82346e2f5
SHA1
faa70c855a4405fbff04810a0ea4e5b395717f81
SHA256
9ccf9c66e3e161fcf01f96e83d167df57202f15891e221c4a16dc25ca83985a4
SHA512
b48cde98396e1ec9169b8dd5675a39b7a6cef9cdd3e4ebc382da8c9e8fe3f294cb8771f7e121def2f7018a074723b9458aa8a9993461c670ba66d3c757b1d570
SSDEEP
24576:Eb5kSYaLTVl6HaN1p6Tb8sMnZ6aU3CSDr0i7MZx/gBMuUFXeCghXx:Eb5k2L5jwlbtrrr7MDTPOCM
Score
7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
pid  Process
1096 cmd.exe
Runs ping.exe (1 TTPs, 1 IoCs)
pid  Process
2916 PING.EXE
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid  Process
744  bd524cae7aa56941e2283ff82346e2f5.exe
744  bd524cae7aa56941e2283ff82346e2f5.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description             pid  Process
Token: SeDebugPrivilege 744  bd524cae7aa56941e2283ff82346e2f5.exe
Suspicious use of WriteProcessMemory (6 IoCs)
description                     pid  Process                               procid_target
PID 744 wrote to memory of 1096 744  bd524cae7aa56941e2283ff82346e2f5.exe 28
PID 744 wrote to memory of 1096 744  bd524cae7aa56941e2283ff82346e2f5.exe 28
PID 744 wrote to memory of 1096 744  bd524cae7aa56941e2283ff82346e2f5.exe 28
PID 1096 wrote to memory of 2916 1096 cmd.exe                              30
PID 1096 wrote to memory of 2916 1096 cmd.exe                              30
PID 1096 wrote to memory of 2916 1096 cmd.exe                              30
Processes
[1] C:\Users\Admin\AppData\Local\Temp\bd524cae7aa56941e2283ff82346e2f5.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\bd524cae7aa56941e2283ff82346e2f5.exe"
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:744
    [2] C:\Windows\system32\cmd.exe
        Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\bd524cae7aa56941e2283ff82346e2f5.exe"
        - Deletes itself
        - Suspicious use of WriteProcessMemory
        PID:1096
        [3] C:\Windows\system32\PING.EXE
            Command line: ping 1.1.1.1 -n 1 -w 6000
            - Runs ping.exe
            PID:2916