Windows 7 deprecation: Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 28/04/2024, 18:55
Static task: static1
Behavioral task: behavioral1
  Sample: 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
  Resource: win10v2004-20240226-en
General
Target: 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
Size: 416KB
MD5: 86b2944ddf2530bbff846f83cb7b50c3
SHA1: cec74d7071b44f214d4a2c06737cee869da984b5
SHA256: 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6
SHA512: fe2138969c0976f157e80774d6f63b0a6bf460d399b2680ea5c35083e6ddfd0a50e031d027337d06d061aef333e0acd499907825576ccdbe9fc0fefce83d9561
SSDEEP: 6144:QQIagQx6AipNYyVBmX55q5QB26bH3V40saiigCD4H2cHwXWzYpk+mFAH46WKc:Q2DipVwJ5NhVQ5zCD4TyWwiFAH4jKc
Malware Config
Signatures
- Deletes itself (1 IoC): PID 3056, process 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
- Executes dropped EXE (1 IoC): PID 3056, process 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
- Loads dropped DLL (1 IoC): PID 1576, process 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
- Suspicious behavior: RenamesItself (1 IoC): PID 1576, process 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
- Suspicious use of UnmapMainImage (1 IoC): PID 3056, process 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
- Suspicious use of WriteProcessMemory (4 IoCs): PID 1576 (process 161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe) wrote to memory of PID 3056, procid_target 29; the same entry is recorded four times
Processes
1. C:\Users\Admin\AppData\Local\Temp\161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe"
   PID: 1576
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
2. (child of 1) C:\Users\Admin\AppData\Local\Temp\161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
   Command line: C:\Users\Admin\AppData\Local\Temp\161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
   PID: 3056
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\161274daed12f112c462e802da7b817275996d071b79d3546a8cd0b42a5023e6.exe
  Filesize: 416KB
  MD5: 1f54b9353fc17a425986ac0d334c348f
  SHA1: adc8c87c1ea1e50500c7455f7d79e96f870380d8
  SHA256: 291904efa782ffd47de99a78f519036532dede939713b4f7a04bb431f1cce6c3
  SHA512: 4a2abbd0d6d8fb692e5d214e2f8d15d198a59b70471bae44ac0cfc54d2c368ecbbcee004aec6564374bf77e06c7f8dfeebe9820a41122a04af7791e5af74807d