Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18/03/2024, 15:08
Static task: static1
Behavioral task: behavioral1
  Sample: d3d10b59be88134d921e7c98b5dfb4ae.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d3d10b59be88134d921e7c98b5dfb4ae.exe
  Resource: win10v2004-20240226-en
General
Target: d3d10b59be88134d921e7c98b5dfb4ae.exe
Size: 82KB
MD5: d3d10b59be88134d921e7c98b5dfb4ae
SHA1: 57515c6ae130956ffad0b79e43f322bfc8809e8b
SHA256: 94d5ae224bc9fa797fd38b0dcc069f433dbce12d69d60f3e763da1e660d0a023
SHA512: 76edf24dc9e1e86cde38a2a94933f8ba77f3a90c5d146a89bf95a88d188a41f19ee24ecf2fd74c1ed4bd78ab1679a7ab0ed5eb6145581438e94a85a49850e203
SSDEEP: 1536:zLHd0Wmjsy5qAKee6YM+vROyfgSRuJ8YBrqi0jyG9QdG0:vHyay5fDe5vROw/YboT9Z0
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 1664, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe
Executes dropped EXE (1 IoCs)
  pid: 1664, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe
Loads dropped DLL (1 IoCs)
  pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe
Suspicious behavior: RenamesItself (1 IoCs)
  pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe
  pid: 1664, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2512 wrote to memory of 1664, pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe, procid_target: 29
  description: PID 2512 wrote to memory of 1664, pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe, procid_target: 29
  description: PID 2512 wrote to memory of 1664, pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe, procid_target: 29
  description: PID 2512 wrote to memory of 1664, pid: 2512, Process: d3d10b59be88134d921e7c98b5dfb4ae.exe, procid_target: 29
Processes
C:\Users\Admin\AppData\Local\Temp\d3d10b59be88134d921e7c98b5dfb4ae.exe
"C:\Users\Admin\AppData\Local\Temp\d3d10b59be88134d921e7c98b5dfb4ae.exe" 1⤵
PID: 2512
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\d3d10b59be88134d921e7c98b5dfb4ae.exe
  C:\Users\Admin\AppData\Local\Temp\d3d10b59be88134d921e7c98b5dfb4ae.exe 2⤵
  PID: 1664
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: da79622a0ff268eeb5aa2e2f516432e4
SHA1: 529b3d02aaddaf47adeec442c1be16f27b86d222
SHA256: 317bdc436fb46d969aa906df5038619189d81e1c7ab89461416cc02d24bd7fc6
SHA512: 4efc4df88bad8ab245c761acb040e3f8335bbe0cd7b973effa8ccf69ca6c40e54ca8057f03d49537d16b8634b3f37866e7ad218600fd0df5bbefcee0251ff918