Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240319-en
- resource tags: arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
- submitted: 10/04/2024, 00:08
Static task
- static1
Behavioral task
- behavioral1
  Sample: ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
  Resource: win7-20240319-en
- behavioral2
  Sample: ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
  Resource: win10v2004-20231215-en
General
- Target: ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
- Size: 79KB
- MD5: 6ca49604e4c1b41edfcda70f9592a976
- SHA1: 9bcdda5d66272345c900938b384abc3505ef0702
- SHA256: ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951
- SHA512: d3aba5527e801054598c8d557d58af15eaec0d6d10d41084270c08ba3a75a93a13c2c037315a1aa51b4d84aab5544b91a0b9eecc737a25f07836e470560f349d
- SSDEEP: 1536:zvl6vjpRmTZNk/OQA8AkqUhMb2nuy5wgIP0CSJ+5yMltB8GMGlZ5G:zvgvjpYZNk2GdqU7uy5w9WMyMXN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2252, process [email protected]
- Loads dropped DLL (2 IoCs)
  pid 1724, process cmd.exe (2 occurrences)
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | process | procid_target
  PID 2052 wrote to memory of 1724 | 2052 | ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe | 29 (4 occurrences)
  PID 1724 wrote to memory of 2252 | 1724 | cmd.exe | 30 (4 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe"
  PID: 2052
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    PID: 1724
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2252
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: fd25115ed53010b7dddd5d7fee181ade
  SHA1: 3deb6cbc23f40a451a17ca0df00cb11b3cf4059a
  SHA256: 0de8253ac6c9f6ca6ee0134a2c1395f67b55201c43624bcbefcb8794085fcb86
  SHA512: 670bc48a80d747285505aee52c08d22e361468205fdbca1cf7298b6d93b4c4c765878c4337a6a6baf5dfa8473fb00797791e55e9218dd4494124f55db6342dce