Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/03/2024, 14:18
Static task: static1
Behavioral task: behavioral1
  Sample: bed2493a79f1e46e5f731cd772bf867c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bed2493a79f1e46e5f731cd772bf867c.exe
  Resource: win10v2004-20231215-en
General
Target: bed2493a79f1e46e5f731cd772bf867c.exe
Size: 139KB
MD5: bed2493a79f1e46e5f731cd772bf867c
SHA1: 1fb58ff6891307e8e5aad74c39eb45bc901717fe
SHA256: 06e6c04c85e71e75778451ab5a665b6c55e40a0bb5a7cbff000beddd3e362810
SHA512: 9c1ce0a48770d82ff9e316c4fd44443f94d453b44b598520d9b52824980c34f9e3ad89e7a08cf28baea84a62491e7083829df9fbaca2cea391a0ede90cd58753
SSDEEP: 3072:CLtryv9mgi8pd7EVftRmpZqPcNm0fZBx2qhb:CLovMu7qftRiQUNXfZ3
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 1 IoC)
  BIOS information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | bed2493a79f1e46e5f731cd772bf867c.exe
- Suspicious use of SetThreadContext (1 IoC)
  description | pid | Process | procid_target
  PID 2884 set thread context of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  2684 | 2136 | WerFault.exe | 28
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid | Process
  2884 | bed2493a79f1e46e5f731cd772bf867c.exe
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid | Process
  2884 | bed2493a79f1e46e5f731cd772bf867c.exe
- Suspicious use of WriteProcessMemory (10 IoCs)
  description | pid | Process | procid_target
  PID 2884 wrote to memory of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
  PID 2884 wrote to memory of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
  PID 2884 wrote to memory of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
  PID 2884 wrote to memory of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
  PID 2884 wrote to memory of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
  PID 2884 wrote to memory of 2136 | 2884 | bed2493a79f1e46e5f731cd772bf867c.exe | 28
  PID 2136 wrote to memory of 2684 | 2136 | svchost.exe | 29
  PID 2136 wrote to memory of 2684 | 2136 | svchost.exe | 29
  PID 2136 wrote to memory of 2684 | 2136 | svchost.exe | 29
  PID 2136 wrote to memory of 2684 | 2136 | svchost.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\bed2493a79f1e46e5f731cd772bf867c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bed2493a79f1e46e5f731cd772bf867c.exe"
   PID: 2884
   - Checks BIOS information in registry
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\svchost.exe
      Command line: "C:\Windows\system32\svchost.exe"
      PID: 2136
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 156
         PID: 2684
         - Program crash