Analysis
- max time kernel: 119s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 12/03/2024, 17:52
Static task: static1
Behavioral task: behavioral1
- Sample: 129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe
- Resource: win10v2004-20240226-en
General
- Target: 129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe
- Size: 79KB
- MD5: c75f0822daa72fb47b28b7b21769855a
- SHA1: d95d1348ea3fba808638d2d3e9006de787185346
- SHA256: 129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2
- SHA512: f539a1200dfd8b486ba745ab67eeba0fff30445ed9ea0c596e5a423380fa0a9e45af12bdba49371cd292ca796b9834cb6f851c92796d5aabb8a87df212378005
- SSDEEP: 1536:zvto4eBdpfySdxOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zv23BdpfySdAGdqU7uy5w9WMyRN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2672  [email protected]
- Loads dropped DLL (2 IoCs)
  pid   Process
  2252  cmd.exe
  2252  cmd.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                         pid   Process                                                                  procid_target
  PID 2840 wrote to memory of 2252    2840  129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe   29
  PID 2840 wrote to memory of 2252    2840  129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe   29
  PID 2840 wrote to memory of 2252    2840  129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe   29
  PID 2840 wrote to memory of 2252    2840  129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe   29
  PID 2252 wrote to memory of 2672    2252  cmd.exe                                                                  30
  PID 2252 wrote to memory of 2672    2252  cmd.exe                                                                  30
  PID 2252 wrote to memory of 2672    2252  cmd.exe                                                                  30
  PID 2252 wrote to memory of 2672    2252  cmd.exe                                                                  30
Processes
- C:\Users\Admin\AppData\Local\Temp\129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\129786335112b4a9372d46c283e7eaf7d28c32447cddecf5b2cd5861590819e2.exe"
  Depth: 1
  - Suspicious use of WriteProcessMemory
  PID: 2840
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    Depth: 2
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID: 2252
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2672
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 006647897ce241c4808eb860dd4f976f
  SHA1: ef06c3b91da91d4a299c0135d0b4ee5d40345d1d
  SHA256: b34d996c4ab42d9c0ed30a32362b07482a0a6b046137aec7a8c690b8db54273c
  SHA512: 85976236d2d69b4ab401655d5283d1f96843a250475577cbf69b1637d820092df8eca162312c8fe872765ce70a44b3ee17a6e64fecb02891c52eee79970963d8