Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 20/04/2024, 23:41
Static task: static1
Behavioral task: behavioral1
Sample: 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe
Resource: win10v2004-20240412-en
General
Target: 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe
Size: 5.4MB
MD5: bc5004b1cedaf1eb95b1ad680594db4b
SHA1: 1e6c7cf4b5198a56c05cf988da4df9da3fdd2ffa
SHA256: 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf
SHA512: 69eb68562bd6fa77143da20ec032c2358b6791506ac272cec3377f1dddde02f3f428891c0914fac7d7b0b0846bedc5bf3d49d2d6b236f2317c6773c9eefbdd54
SSDEEP: 98304:emhd1UryeokPmmx47M1+zU+MV7wQqZUha5jtSyZIUh:elIMmmq7FjM2QbaZtliU
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2148, Process 1AF0.tmp
- Executes dropped EXE (1 IoCs)
  pid 2148, Process 1AF0.tmp
- Loads dropped DLL (2 IoCs)
  pid 3040, Process 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe
  pid 3040, Process 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 3040 wrote to memory of 2148; pid 3040; Process 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe; procid_target 28
  description: PID 3040 wrote to memory of 2148; pid 3040; Process 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe; procid_target 28
  description: PID 3040 wrote to memory of 2148; pid 3040; Process 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe; procid_target 28
  description: PID 3040 wrote to memory of 2148; pid 3040; Process 7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe; procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe"
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  PID: 3040
  - C:\Users\Admin\AppData\Local\Temp\1AF0.tmp (level 2, child of PID 3040)
    Command line: "C:\Users\Admin\AppData\Local\Temp\1AF0.tmp" --splash C:\Users\Admin\AppData\Local\Temp\7ad3bd362c80f0400fcd144cade6a910b48be355980b9d9d8c742baf1f066bbf.exe 3864AA58EF666AC07E564479FE25BFE82755018023D160A72EE00C620329DFE015FF2777F45C3E39071689C488C580D3061E4B2D6F7A47F32C44E366684A6BD0
    Signatures: Deletes itself; Executes dropped EXE
    PID: 2148
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 5.4MB
  MD5: b56b4339316b0cc85b462af3a0691107
  SHA1: 9baf34173461c813adf9e0b8962687b4e04dc0d1
  SHA256: 4bcda41c23897cd4f4ff232330cf2bc1b482ac51ed67faf0c184e034b26dd96d
  SHA512: aa4a4bf5605712d6bb48f86c5e5162edbb3bab706cae39aae9b53ad5f93b94a20b8a734baf65c0ef35e91b908eebefea13cc17cfbd257e462ef5ef7bc48db907