Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10/03/2024, 01:03
Static task
static1
Behavioral task
behavioral1
Sample
bd415929c3070c234d686d3e30269b04.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bd415929c3070c234d686d3e30269b04.exe
Resource
win10v2004-20240226-en
General
-
Target
bd415929c3070c234d686d3e30269b04.exe
-
Size
1.9MB
-
MD5
bd415929c3070c234d686d3e30269b04
-
SHA1
8d12e97f315419d2b06d32ec617a450d2cef1db3
-
SHA256
83ce37cb397f0b56039da57335d3f90f7359ddb988037c14577c6c119a6ee360
-
SHA512
3b1bbd4fcab599964a0c4e8be9c41079631985c5a2870e44028e7fe3d893157f708ca3ae087cfcbeada65abc18c44f7c0e33741e764df8e2f094eeddc1d96c43
-
SSDEEP
24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRWEMVM8w8sDDm0h:dqgazxcGYN139lnk30raY7zB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2264 uoqzrdyjitzaxg.exe -
Loads dropped DLL 1 IoCs
pid Process 2196 bd415929c3070c234d686d3e30269b04.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\txzvxvg\uoqzrdyjitzaxg.exe bd415929c3070c234d686d3e30269b04.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2196 wrote to memory of 2264 2196 bd415929c3070c234d686d3e30269b04.exe 28 PID 2196 wrote to memory of 2264 2196 bd415929c3070c234d686d3e30269b04.exe 28 PID 2196 wrote to memory of 2264 2196 bd415929c3070c234d686d3e30269b04.exe 28 PID 2196 wrote to memory of 2264 2196 bd415929c3070c234d686d3e30269b04.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd415929c3070c234d686d3e30269b04.exe"C:\Users\Admin\AppData\Local\Temp\bd415929c3070c234d686d3e30269b04.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Program Files (x86)\txzvxvg\uoqzrdyjitzaxg.exe"C:\Program Files (x86)\txzvxvg\uoqzrdyjitzaxg.exe"2⤵
- Executes dropped EXE
PID:2264
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.9MB
MD527d340b0ab6a0d82d7e84cecfe52529d
SHA1197f4ab30afde6fa054aad7e1f910543c2b14d08
SHA256fdbaa452898ac5254f743ac756561dbf9d649f19ec7dc76cb79d19c9552b4e0b
SHA512b4ba21604b4fd793df99adf65c7f5efd30853348e1e4fcc703f1402fea81a423cb3361c6ff58117ba2732559b18ad99a90caf60dd01a2d51089926c7eaf31eee