Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 121s
- max time network: 131s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 14/03/2024, 03:16
Static task: static1
Behavioral task: behavioral1
- Sample: 98f21680597a67f46f3653e6a08593ca.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 98f21680597a67f46f3653e6a08593ca.exe
- Resource: win10v2004-20240226-en
General
- Target: 98f21680597a67f46f3653e6a08593ca.exe
- Size: 433KB
- MD5: 98f21680597a67f46f3653e6a08593ca
- SHA1: 335ca657bb8c8e172ea481f75d806d19520ff202
- SHA256: 0a61772271cae0f578631759452db42930074974d588bc8995c7e52f7a916da7
- SHA512: 879582357acf65733d90b2fa57feb9dc249a4c78aef2004ee03b9b6fd3302f8b556f895bfa322c49cc9ba8e6d1474c41257d4c6f37311295c4339d85c3723927
- SSDEEP: 12288:Ci4g+yU+0pAiv+V1hUbxxhVzghjj6nYBC9Ddf6pn:Ci4gXn0pD+VocknYc90
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1916, process 449E.tmp
- Executes dropped EXE (1 IoC)
  pid 1916, process 449E.tmp
- Loads dropped DLL (1 IoC)
  pid 1616, process 98f21680597a67f46f3653e6a08593ca.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / process / target pid:
  PID 1616 wrote to memory of 1916 (98f21680597a67f46f3653e6a08593ca.exe), procid_target 28
  PID 1616 wrote to memory of 1916 (98f21680597a67f46f3653e6a08593ca.exe), procid_target 28
  PID 1616 wrote to memory of 1916 (98f21680597a67f46f3653e6a08593ca.exe), procid_target 28
  PID 1616 wrote to memory of 1916 (98f21680597a67f46f3653e6a08593ca.exe), procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\98f21680597a67f46f3653e6a08593ca.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\98f21680597a67f46f3653e6a08593ca.exe"
  PID: 1616
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\449E.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\449E.tmp" --help C:\Users\Admin\AppData\Local\Temp\98f21680597a67f46f3653e6a08593ca.exe 8441B2DBEB8F2A90D0637B0DF7A0CEAF3CF9D48DD79CD101DBECF0A7EE89898C50B1CFDE94CA5B9D07D0B900414DB36560A678A2A43704EF33220059368BD3C1
    PID: 1916
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 433KB
  MD5: 4abbfa0fa926ab25f3fd4528e8ee37f4
  SHA1: 7fc9aa6b9d83bb21d8edb0bb01cdf02b1aa2749d
  SHA256: f7684dfcfd85951e75dcb5575e76ce1260494d81e127c421d3ddc85820de54a3
  SHA512: 7adcb970d96cd0e6f5c47896d643e679ffb986c9aad438f5a2a5c485338e05c44934dfe4599239ea2a3c041872a61f64a99b51c9d1f46d43680002db4d1ae2b6