Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 12/03/2024, 00:35
Static task: static1
Behavioral task: behavioral1
- Sample: a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Resource: win10v2004-20240226-en
General
- Target: a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Size: 256KB
- MD5: 394767e5267d04b6a86ba5689b90e416
- SHA1: df2d37241524b0ed0630b1f4f4c10588c691b2a3
- SHA256: a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08
- SHA512: 730ef4563cd29bdc3070814b7cc70792c1b04d6fc397e1d6019faad8a8cdb2e0ce8970fa8fa439bf0ced6e319fafba2522e2e3d1b3e12907516fd5c9b2129bfe
- SSDEEP: 3072:VbIz9Nr4bYqzqP5TX8G70juzhZixzEIO3kgmdhQJPvAvAahrWjvQfxVOiwLkNo:yNMbJzMX7DMETkgmyPvA/FevYV40o
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 1736, process a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Executes dropped EXE (1 IoCs)
  pid 1736, process a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Loads dropped DLL (1 IoCs)
  pid 2208, process a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2208, process a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Suspicious use of UnmapMainImage (1 IoCs)
  pid 1736, process a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2208 wrote to memory of 1736 | 2208 | a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe | 29
  PID 2208 wrote to memory of 1736 | 2208 | a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe | 29
  PID 2208 wrote to memory of 1736 | 2208 | a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe | 29
  PID 2208 wrote to memory of 1736 | 2208 | a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   PID: 2208
   2. C:\Users\Admin\AppData\Local\Temp\a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 1736
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\a0f3018a093a2e56ceeb139eb2826d48178685ee15e8f41ca871715e9dad9a08.exe
  Filesize: 256KB
  MD5: 4bc5b01362d26c81f425e11c09cb0e84
  SHA1: b22955bcef413667ac39f9d632780a1d5847b7b5
  SHA256: a49db2212c941a099709e5d8a940bed8fdefa357dff6da24c694bb766f2cb7be
  SHA512: 8853c1c8322acf27b313de3d1925722085ba2305b7d687346706d371861cf2e6c488ed3342395dc74bd0da01f222c2ae18e292c00a78428f53dcaab7992cbf80