Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 12/03/2024, 07:12
Static task: static1
Behavioral task: behavioral1
- Sample: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Resource: win10v2004-20240226-en
General
- Target: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Size: 82KB
- MD5: c2c3c7ff4226e8946d4d0f53cbffcfcc
- SHA1: 1cafc822b1262c673e604a243a85e1c8538d7175
- SHA256: b3f6b07791c5156687e0a130f69adda54665eedbb3bc1beaa2bec110a3204f55
- SHA512: 7093bb4938317f9d9d0c888b3c1a49fe86fdf749de83f3d9b16756686341e418f15fc571d41e38c341093b605242e9ea5e7d47e978330c0a0e6b6de71a986cd2
- SSDEEP: 1536:Q57oGu+AKj0Q+ehqg3V358nk61AcINGOSymckxBZcdP3uplujVkrVWfL8PRfsLjK:QKGdA83V3Kk62prAckxBZcSuBkWfL81H
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2956, process c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Executes dropped EXE (1 IoCs)
  pid 2956, process c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Loads dropped DLL (1 IoCs)
  pid 2164, process c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2164, process c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2164, process c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
  pid 2956, process c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Columns: description, pid, Process, procid_target
  PID 2164 wrote to memory of 2956, 2164, c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, 29
  PID 2164 wrote to memory of 2956, 2164, c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, 29
  PID 2164 wrote to memory of 2956, 2164, c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, 29
  PID 2164 wrote to memory of 2956, 2164, c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, 29
Processes
- C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
  "C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe"
  PID: 2164 (process tree level 1)
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
- C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
  C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
  PID: 2956 (process tree level 2)
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
  MD5: 5293032b07fb2e35b9e0bd2059f8567e
  SHA1: 2ee2d10bfbd03a226347bc34df9affba2e76aae5
  SHA256: 9a0dc157195b6d213075a37ae516ac857565090b436d127bc37ed726b159db76
  SHA512: 600419006da0320588f8b04d18b968fa3632159ec4436fa78f26e4466a556bf18216b1113dcfcc9d1e71a693f94ce8ed7508171e2ca3376206e8c251cdc22a55