Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 04/05/2024, 02:44
Static task
- static1
Behavioral task
- behavioral1
  - Sample: c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
  - Resource: win7-20240220-en
Behavioral task
- behavioral2
  - Sample: c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
  - Resource: win10v2004-20240426-en
General
- Target: c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Size: 416KB
- MD5: 65002ed754758a8927f543f837326dc8
- SHA1: 10963660bb3910059c2889e909949fdd5b731336
- SHA256: c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76
- SHA512: ae8450e0d18e91fcea298dd11665758681527fbc424a3194e8d5304be4db9db2a4650d9e33e9b4fa224a33cbe548402ed3cbfd4119ba4b742d0b8cbf151c4956
- SSDEEP: 6144:zMmCFy+ziioMX/a7Sj8V79H0W7cyqCxSngmMBqfycuPbUl0i5cD5J6KE:zMmezrX/jIV7j0npM4dl0v5JdE
Malware Config
Signatures
- Deletes itself (1 IoC)
  - PID 2632, process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Executes dropped EXE (1 IoC)
  - PID 2632, process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Loads dropped DLL (1 IoC)
  - PID 2916, process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  - PID 2632, process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Suspicious behavior: RenamesItself (1 IoC)
  - PID 2916, process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Suspicious use of UnmapMainImage (1 IoC)
  - PID 2632, process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
- Suspicious use of WriteProcessMemory (4 IoCs; all four entries are identical)
  - description: PID 2916 wrote to memory of 2632; pid 2916; process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe; procid_target 28
  - description: PID 2916 wrote to memory of 2632; pid 2916; process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe; procid_target 28
  - description: PID 2916 wrote to memory of 2632; pid 2916; process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe; procid_target 28
  - description: PID 2916 wrote to memory of 2632; pid 2916; process c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe; procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe (tree level 1, PID 2916)
  - Command line: "C:\Users\Admin\AppData\Local\Temp\c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe (tree level 2, PID 2632)
    - Command line: C:\Users\Admin\AppData\Local\Temp\c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of UnmapMainImage
Downloads
- \Users\Admin\AppData\Local\Temp\c5bd0af1e6360c9a9fa695740595c96541bc89db5c19c7ecb5f0b299c9a95a76.exe
  - Filesize: 416KB
  - MD5: 7b6ad3e920f4947a7a76a14fcbfc5d6b
  - SHA1: 9e115eaab36fbf8663276ceaa5557ac4c53721e3
  - SHA256: 26858481034c9078d1472e8b64a86d075432895ae287f64c7259ec72f4396df9
  - SHA512: 23a742f85e21c9c83e1ab52fdc4c2df8a54676c956b4cb489fae43dc27c2204ce1c11e04977c1c50f8a4fa872deb3466d766b3e376069affc80de6d7a7be11f0