Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26/03/2024, 09:02
Behavioral task
behavioral1
Sample
dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
Resource
win10v2004-20240226-en
General
-
Target
dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
-
Size
2.9MB
-
MD5
dec92046a3aa28d0e0f7ecf7bbe2acc1
-
SHA1
d5531ad9a3d5bd24c9923477d70b5969e64d6611
-
SHA256
267e043bc214de8278fdc2b49d3d1427a382c2f12a13c42f4389da32b5a1a589
-
SHA512
40b2790ee125e608fdcf35a2ab996af60eeafd2e4624b227fe2e6a2f5263bf01329cabe2dd6fd3760b1961d8f9f2ad827a3317383c93df3246f005c6e98bd891
-
SSDEEP
49152:yGrbEiE1QECdjMJ6V7ola9MSnCQIFP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:fFE1QbjMJqpxVIFgg3gnl/IVUs1jePs
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2332 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe -
Executes dropped EXE 1 IoCs
pid Process 2332 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe -
Loads dropped DLL 1 IoCs
pid Process 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe -
resource yara_rule behavioral1/memory/1924-1-0x0000000000400000-0x00000000008EF000-memory.dmp upx behavioral1/files/0x0010000000012248-10.dat upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe 2332 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1924 wrote to memory of 2332 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe 28 PID 1924 wrote to memory of 2332 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe 28 PID 1924 wrote to memory of 2332 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe 28 PID 1924 wrote to memory of 2332 1924 dec92046a3aa28d0e0f7ecf7bbe2acc1.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe"C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1924 -
C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exeC:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2332
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.9MB
MD5974057b328fdfc6679e23c46ecb0f126
SHA189303e6ef013c8e46aebaade985bae2f64f1d2b9
SHA2563854811e3f4b7c84bab803a1ad8442329e69439d5989fdc3f024276c41d944de
SHA512fd3844f4250696a08b174d6662457ec466e168101d626dbf7efbe6f9bc7b1629d725b539ca4e2a0b04caedf68b2c3d4983461f25cb69a7888a0ca4a83663f73c