Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 10/04/2024, 18:29
Static task
- static1

Behavioral task
- behavioral1
  Sample: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
  Resource: win10v2004-20240226-en
General
- Target: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
- Size: 73KB
- MD5: 0674b7da69bf5700192e3df91e6e9c96
- SHA1: a1513d2c738968811b2f1ea6be74ee66bf3b0600
- SHA256: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205
- SHA512: 83b269cdf066a9f4561faba37a012aae017d5504e73eef7ee42679c00c3f7c17ee4c582a97ef4e2a6a1027320190eb47a0385bfaa3adaa98e00d3bd60daa8990
- SSDEEP: 1536:hbv3cJ5g500uSg9K5QPqfhVWbdsmA+RjPFLC+e5h+0ZGUGf2g:h7z00uSqNPqfcxA+HFsh+Og
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2820  [email protected]
- Loads dropped DLL (2 IoCs)
  pid   Process
  2816  cmd.exe
  2816  cmd.exe
- Suspicious use of WriteProcessMemory (12 IoCs)
  description                       pid   Process                                                                    procid_target
  PID 2964 wrote to memory of 2816  2964  091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe     29
  PID 2964 wrote to memory of 2816  2964  091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe     29
  PID 2964 wrote to memory of 2816  2964  091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe     29
  PID 2964 wrote to memory of 2816  2964  091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe     29
  PID 2816 wrote to memory of 2820  2816  cmd.exe                                                                    30
  PID 2816 wrote to memory of 2820  2816  cmd.exe                                                                    30
  PID 2816 wrote to memory of 2820  2816  cmd.exe                                                                    30
  PID 2816 wrote to memory of 2820  2816  cmd.exe                                                                    30
  PID 2820 wrote to memory of 2084  2820  [email protected]                                                        31
  PID 2820 wrote to memory of 2084  2820  [email protected]                                                        31
  PID 2820 wrote to memory of 2084  2820  [email protected]                                                        31
  PID 2820 wrote to memory of 2084  2820  [email protected]                                                        31
Processes (tree; depth shown by indentation)
1. C:\Users\Admin\AppData\Local\Temp\091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe"
   - Suspicious use of WriteProcessMemory
   - PID: 2964
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      - PID: 2816
      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         - PID: 2820
         4. C:\Windows\SysWOW64\cmd.exe
            Command line: C:\Windows\system32\cmd.exe /c 00.exe
            - PID: 2084
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 73KB
  MD5: 33e4c7451ac20d54c22dafb89983d4cd
  SHA1: c1287ad6a56502d343ae94eed8b5e06048936fca
  SHA256: 00ebfb6adff874b6cd930e382ea324302ce74cf21e882e226ee546e2115a2bc8
  SHA512: 856d6e2bfb5ff69a00cf4bea81ccbd7b08418847c3e11c01ea0de342f3489cc3950893ce77092e8c33932e74dea2fa771556dcf5981080bbf4e6bb65dd986729