Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 15/03/2024, 19:10
Behavioral task
behavioral1
Sample
cc3319af3aa41f65f096144ddc637d3b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cc3319af3aa41f65f096144ddc637d3b.exe
Resource
win10v2004-20240226-en
General
-
Target
cc3319af3aa41f65f096144ddc637d3b.exe
-
Size
2.9MB
-
MD5
cc3319af3aa41f65f096144ddc637d3b
-
SHA1
7f3342d175a47bc0b8396eb9aec0be416ca967b2
-
SHA256
d376f3aec9b58a3c60233ea0d11f0fa1c2a69c7ae8ad035b18d9313c2771044c
-
SHA512
7df658a1434e8159af643547526910e741b7d7a2d68423d8f8133798215fd934bc6a3e75fbbc4450a231af8e72bf3118bb872c02917cbbe8e68c2ab1ec9054a2
-
SSDEEP
49152:Iw7xM9pM/UBMaBjndAPGITVCDfP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vsM/UFlni6Dfgg3gnl/IVUs1jePs
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid   Process
2968  cc3319af3aa41f65f096144ddc637d3b.exe
-
Executes dropped EXE 1 IoCs
pid   Process
2968  cc3319af3aa41f65f096144ddc637d3b.exe
-
Loads dropped DLL 1 IoCs
pid   Process
3008  cc3319af3aa41f65f096144ddc637d3b.exe
-
resource                                                                       yara_rule
behavioral1/memory/3008-0-0x0000000000400000-0x00000000008EF000-memory.dmp     upx
behavioral1/files/0x0009000000012251-10.dat                                    upx
behavioral1/files/0x0009000000012251-13.dat                                    upx
behavioral1/memory/2968-16-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
-
Suspicious behavior: RenamesItself 1 IoCs
pid   Process
3008  cc3319af3aa41f65f096144ddc637d3b.exe
-
Suspicious use of UnmapMainImage 2 IoCs
pid   Process
3008  cc3319af3aa41f65f096144ddc637d3b.exe
2968  cc3319af3aa41f65f096144ddc637d3b.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                         pid   Process                               procid_target
PID 3008 wrote to memory of 2968    3008  cc3319af3aa41f65f096144ddc637d3b.exe  28
PID 3008 wrote to memory of 2968    3008  cc3319af3aa41f65f096144ddc637d3b.exe  28
PID 3008 wrote to memory of 2968    3008  cc3319af3aa41f65f096144ddc637d3b.exe  28
PID 3008 wrote to memory of 2968    3008  cc3319af3aa41f65f096144ddc637d3b.exe  28
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe
"C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe"
(depth 1)
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3008
-
C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe
C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe
(depth 2)
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2968
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 128KB
MD5: ed7b659e85d1aebdf62bc2394c176346
SHA1: 09d199953c695edc10376b67c09029b77e055301
SHA256: 1f648037da6d6a90ae6a5c36b053c446230a941eea49016c228ca347f777593b
SHA512: d47ceea75fe3f245c9210f244d2589fa6ebe70cfa4eccc1907e57382f1bee6690486117cc0823d62c53740db1d9c49995089c6a82be35848815c6a2f3cdde1f3
-
Filesize: 256KB
MD5: 7807920c58b23fbebd3db4d09a017f0d
SHA1: 3e263068536d0a118bea790f4fc2b57c341407e8
SHA256: 24630f42dce0136cfea20a81a8911a6be22b719bf17afbdb8a84dfb73f0017ce
SHA512: e42d928813d32ae87f948e951ca948464ee3303159c072c4111bd394ebd1e0e6e53b3311202147c5d4b40eab449223dd4b82f2b7708cdca566f656b56939460c