Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
13/03/2024, 19:04
Static task
static1
Behavioral task
behavioral1
Sample
426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe
Resource
win10v2004-20240226-en
General
-
Target
426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe
-
Size
192KB
-
MD5
3ee9de81669c8fc04fa4377c97bd3703
-
SHA1
5f6216cced23e7cf46ae12ee443c50bd08c23d98
-
SHA256
426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f
-
SHA512
b9b4d98a18550336ebf1f744b073d4f9f14b6562d6459870ffb129dab061604218cabcd721e6d8ff09f290d17d4e1ea237339cabacd6745e081ea696fa22e022
-
SSDEEP
3072:/3a5GFXTZdEQrTTAfJgrUysBZdBLA2iZSsmlcfRsfy3yNkxkzbUIz8Q:/3aUFD3EMTkxDpBcrXmSfRseyNlP+Q
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2188 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe -
Executes dropped EXE 1 IoCs
pid Process 2188 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe -
Loads dropped DLL 1 IoCs
pid Process 2320 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2188 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2320 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2188 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2320 wrote to memory of 2188 2320 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe 27 PID 2320 wrote to memory of 2188 2320 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe 27 PID 2320 wrote to memory of 2188 2320 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe 27 PID 2320 wrote to memory of 2188 2320 426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe"C:\Users\Admin\AppData\Local\Temp\426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exeC:\Users\Admin\AppData\Local\Temp\426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of UnmapMainImage
PID:2188
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\426e7f4d4d4d127fdb841dd14f1ff38c3af09f41f2040990c2154c894a7e0d4f.exe
Filesize192KB
MD5100ad98cffe30dd1a97b781c4ba751a6
SHA10e426359273755f5281080037ad9ee5200da53f4
SHA2563fa11c5b81bbf67bfc3703f89816fcfb9d5de5020dd6570eb00dc0ec652701c0
SHA5122f612d3d6d02783acbdf949a762f5ce989feb3e3126035e955b21b26afdf2232766c4a183099b6d3e0a070faacb01a7fd29d0f95ef4f74582d0cd5125a18cf59