Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 12/03/2024, 12:14
Behavioral task: behavioral1
Sample: c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Resource: win10v2004-20231215-en
General
Target: c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Size: 2.7MB
MD5: c3582b05c1ee2ef091cb1b9e0d4235a6
SHA1: f1d7b2cf142b99608870561be5996c61be06e30f
SHA256: a5e6cef0100b016ada33f9a543643d2f7f67652f87ecd3681bb194ffe9bf5c22
SHA512: 300b0214df0f93b0614f31a37571700cd989ba2b68817fe2a7778bd152b8964201614242c5e23d662f042b5bbf98056fc6fb3b23182f738d4a7731bb2b840788
SSDEEP: 49152:UlSJVlG5MyeY1X7aMJxWRCdIVxSN+CMt4El72W/vKbb//0Sw6j7CSwzBNTyMcp:UwK5MzY1LakWQixSNLMt4EMWabb//0Sn
Malware Config
Signatures
Deletes itself (1 IoCs)
pid: 1756  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Executes dropped EXE (1 IoCs)
pid: 1756  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Loads dropped DLL (1 IoCs)
pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe

resource / yara_rule
behavioral1/memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
behavioral1/files/0x000c00000001225d-14.dat  upx

Suspicious behavior: RenamesItself (1 IoCs)
pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe
pid: 1756  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2064 wrote to memory of 1756  pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe  procid_target: 28
description: PID 2064 wrote to memory of 1756  pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe  procid_target: 28
description: PID 2064 wrote to memory of 1756  pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe  procid_target: 28
description: PID 2064 wrote to memory of 1756  pid: 2064  Process: c3582b05c1ee2ef091cb1b9e0d4235a6.exe  procid_target: 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe
   "C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 2064
   2. C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe
      C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 1756
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB
MD5: 34d1e2cbb1c1679c8484b622e21312fa
SHA1: 9d3357ae243e5cf9b202ebbf5573c31253e33280
SHA256: 6dba4015ca659b9610b63589f1859f75c781de8d1304d5cefa29c1d2503bc4a9
SHA512: d16836878ce104d15c0d2b12b6603535d2d103ea464a893022934d06f8f353ac2f63bc75e5d419cce67387a95e284e955bbfa4fe50dca2d4f9571a0a4779a749