Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 147s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25/03/2024, 13:38
Static task: static1
Behavioral task: behavioral1
- Sample: de2310fa8ae58fac0857a8d868d30a5b.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: de2310fa8ae58fac0857a8d868d30a5b.exe
- Resource: win10v2004-20240226-en
General
- Target: de2310fa8ae58fac0857a8d868d30a5b.exe
- Size: 27KB
- MD5: de2310fa8ae58fac0857a8d868d30a5b
- SHA1: 3308997e14249bc58a4e1b1bd0d752c3664a30a4
- SHA256: 77aaca79b369a7c8b6d39e019babaf24b7eb6ddec47f275332649f5d9a06fecf
- SHA512: 07607864fb1b40616e0a88030e1f6eecd66205283078f1a07e2ceeb7e8b541c831f9fe3f4cf06bceeb7f81da577bbfd037a78e8ef263629892f3ab26d892257d
- SSDEEP: 384:Psg7s+NENANJxjE3SahqB0OXS1qp0g+0lKQHCJYzu+4Wwqt71/Gpn3Kl7UoHtLoG:PHWA3uSahqqC0gPcYzu+0g/GpeNLd
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  - PID 2204, Process: winudpmgr.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  - Description: Set value (str)
  - IoC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center = "winudpmgr.exe"
  - Process: de2310fa8ae58fac0857a8d868d30a5b.exe
- Drops file in Windows directory (2 IoCs)
  - File created: C:\Windows\winudpmgr.exe (Process: de2310fa8ae58fac0857a8d868d30a5b.exe)
  - File opened for modification: C:\Windows\winudpmgr.exe (Process: de2310fa8ae58fac0857a8d868d30a5b.exe)
- Suspicious use of WriteProcessMemory (4 IoCs)
  - PID 2812 wrote to memory of 2204 (Process: de2310fa8ae58fac0857a8d868d30a5b.exe, procid_target 28); this entry is reported four times
Processes
1. "C:\Users\Admin\AppData\Local\Temp\de2310fa8ae58fac0857a8d868d30a5b.exe" (PID: 2812)
   - Adds Run key to start application
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory
   2. "C:\Windows\winudpmgr.exe" (PID: 2204), child of PID 2812
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 27KB
- MD5: de2310fa8ae58fac0857a8d868d30a5b
- SHA1: 3308997e14249bc58a4e1b1bd0d752c3664a30a4
- SHA256: 77aaca79b369a7c8b6d39e019babaf24b7eb6ddec47f275332649f5d9a06fecf
- SHA512: 07607864fb1b40616e0a88030e1f6eecd66205283078f1a07e2ceeb7e8b541c831f9fe3f4cf06bceeb7f81da577bbfd037a78e8ef263629892f3ab26d892257d