Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 04/05/2024, 21:30
Static task: static1
Behavioral task: behavioral1
- Sample: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
- Resource: win10v2004-20240419-en
General
- Target: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
- Size: 5.4MB
- MD5: 412aca1f8a9d5b2134672c7066ab83ba
- SHA1: 455db12b2aad0556c24154e106dc0cc10a2866ef
- SHA256: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396
- SHA512: 01a3452799a9d25af8e7917e9d7e7d20523c514d5eba685329bc9007edda06bab2c48ed9568a9ae25f7e46987168d5ece3dec843f44a92c4f8f5321a3e2a91cd
- SSDEEP: 98304:emhd1UryeqwQyLk7Y7OJTScMe8V7wQqZUha5jtSyZIUh:el9QyorF82QbaZtliU
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 2936, Process: 915.tmp
- Executes dropped EXE (1 IoCs)
  pid: 2936, Process: 915.tmp
- Loads dropped DLL (2 IoCs)
  pid: 2100, Process: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
  pid: 2100, Process: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2100 wrote to memory of 2936, pid: 2100, Process: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe, procid_target: 28
  description: PID 2100 wrote to memory of 2936, pid: 2100, Process: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe, procid_target: 28
  description: PID 2100 wrote to memory of 2936, pid: 2100, Process: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe, procid_target: 28
  description: PID 2100 wrote to memory of 2936, pid: 2100, Process: 25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe, procid_target: 28
Processes
- C:\Users\Admin\AppData\Local\Temp\25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2100
  - C:\Users\Admin\AppData\Local\Temp\915.tmp (child of PID 2100)
    Command line: "C:\Users\Admin\AppData\Local\Temp\915.tmp" --splash C:\Users\Admin\AppData\Local\Temp\25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe D8E86BB7F69E1E68794A09F7123AF6EE1C7937B851C56B85E6ED0492779731C559EF586CBF59E407CB34D6255C224C63B270061ADC7FFD33A0720E13F4EB7177
    - Deletes itself
    - Executes dropped EXE
    PID: 2936
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 5.4MB
  MD5: 11a778de99e0b543fa30c204e9ac53a5
  SHA1: 9b322fe1d287e2c2038d6c42bcd0df2a2f13fe27
  SHA256: 976f73c7e818e144810064397e591166958481b07595fec0a3fe8c5c1a5eaf7f
  SHA512: 4d82ec179e506a71c4058c8c8655c32c1f17bebe7b540118324d9511967700c99ffe0dd62b1747e8d23f15f7598890445a654cb4c5d89bf85d2e9074f6a9aa10