Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26/03/2024, 04:45
Static task
static1
Behavioral task
behavioral1
Sample: f06a87018a50e8171c7f5fe125d2cb6e.exe
Resource: win7-20240221-en
Behavioral task
behavioral2
Sample: f06a87018a50e8171c7f5fe125d2cb6e.exe
Resource: win10v2004-20240226-en
General
Target: f06a87018a50e8171c7f5fe125d2cb6e.exe
Size: 62KB
MD5: f06a87018a50e8171c7f5fe125d2cb6e
SHA1: 5a8c6363ee4a1d2c6f016892971376df0eb6d4c1
SHA256: d04f752b3e94d183f5da64d73e87723e6bac25d272bcf113a4204184993af45c
SHA512: 49a1102e74acfeba04665ef149ed4163f6de906467725ea17dd3d1b64a00e83898ce018fff9ba6465e3aad02f4ff833feb23d3bc87445c730de988a8174b1270
SSDEEP: 1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHNW0:btng54SMLr+/AO/kIhfoKMHdu
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  2912  gewos.exe
Loads dropped DLL (1 IoCs)
  pid   Process
  2196  f06a87018a50e8171c7f5fe125d2cb6e.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2196  f06a87018a50e8171c7f5fe125d2cb6e.exe
  2912  gewos.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2196 wrote to memory of 2912   2196  f06a87018a50e8171c7f5fe125d2cb6e.exe  28
  PID 2196 wrote to memory of 2912   2196  f06a87018a50e8171c7f5fe125d2cb6e.exe  28
  PID 2196 wrote to memory of 2912   2196  f06a87018a50e8171c7f5fe125d2cb6e.exe  28
  PID 2196 wrote to memory of 2912   2196  f06a87018a50e8171c7f5fe125d2cb6e.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\f06a87018a50e8171c7f5fe125d2cb6e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f06a87018a50e8171c7f5fe125d2cb6e.exe"
  PID: 2196
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\gewos.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      PID: 2912
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 62KB
MD5: 3f3439ec5317dbd5b0f93a34eedcb6fb
SHA1: 6e5243b0533868d1612ece107127197b337ccb50
SHA256: 660db0221908ce8973dd39a554b2fc2e9336aadee739bdac033375e65feeb5d7
SHA512: 5e01229e2ef636197641581c3395d9b042e5c2e08684d8e255483915c095683e9e96a59043867ff39fd76542e944aac1c6cdcd294f8451fa34f66d0055c38fdc