Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 07/05/2024, 02:13
Static task: static1
Behavioral task: behavioral1
  Sample: e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
  Resource: win10v2004-20240419-en
General
Target: e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
Size: 194KB
MD5: 75620052eeaa55a9a52fe8008f4cee9b
SHA1: 96807a8c9d3660ede2387689f310634519e92449
SHA256: e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652
SHA512: 1c3e2ad803dbe5c79b52b443cd52cbc628a790893e9ab0e3bdfcf7eb648d2312bc9627150b3a36d20345407c47438318a021ae337fffc445082edad738169813
SSDEEP: 3072:b28gf8MEmvmIFonpvwSF2SjahDYI93iK7GgE3PZeJ6Zwy6:y8gEbm64W2SE93i8KBeJ6Z
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 1448  e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
Executes dropped EXE (1 IoC)
  pid 1448  e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
Loads dropped DLL (1 IoC)
  pid 3048  e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
Suspicious behavior: RenamesItself (1 IoC)
  pid 3048  e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
Suspicious use of UnmapMainImage (1 IoC)
  pid 1448  e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 3048 wrote to memory of 1448   3048  e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe  29
  (this row appears four times in the report: all four IoCs are writes from PID 3048 into PID 1448)
Processes
1. C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe (PID 3048)
   command line: "C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe (PID 1448, child of 3048)
      command line: C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
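The Signatures and Processes sections above arrive as flattened rows, and the four WriteProcessMemory IoCs are four copies of one parent-to-child edge. The script below is an added example, not tria.ge's code: it parses the report's WriteProcessMemory rows back into records, collapses repeated rows into a per-edge write count, and applies a triage heuristic of my own (a process that wrote into a child which then unmapped its main image, while the writer renamed itself) to pull out the pair this report shows. The row text and the per-signature PID lists are constructed inline from the report above; the heuristic is an assumption about what is worth a manual look, not a tria.ge detection.

```python
import re
from collections import Counter, defaultdict

SAMPLE = "e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe"

# Constructed from the Signatures section above: the four flattened
# "Suspicious use of WriteProcessMemory" rows as extraction ran them together.
WPM_ROWS = " ".join([f"PID 3048 wrote to memory of 1448 3048 {SAMPLE} 29"] * 4)

# Per-signature PID lists, copied from the same section.
SIGNATURE_HITS = {
    "Deletes itself": [1448],
    "Executes dropped EXE": [1448],
    "Loads dropped DLL": [3048],
    "Suspicious behavior: RenamesItself": [3048],
    "Suspicious use of UnmapMainImage": [1448],
    "Suspicious use of WriteProcessMemory": [3048],
}

# description | pid | Process | procid_target, with the description itself
# carrying the writer and target PIDs.
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm_rows(text):
    """Split the flattened WriteProcessMemory table into one dict per row."""
    rows = []
    for m in ROW_RE.finditer(text):
        writer, target, pid, process, procid_target = m.groups()
        if writer != pid:  # the description and the pid column must agree
            raise ValueError(f"inconsistent row: {m.group(0)}")
        rows.append({"writer": int(writer), "target": int(target),
                     "process": process, "procid_target": int(procid_target)})
    return rows


def count_edges(rows):
    """Collapse repeated rows into (writer, target) -> number of write events."""
    return dict(Counter((r["writer"], r["target"]) for r in rows))


def signatures_by_pid(hits):
    """Pivot the signature -> [pid] listing into pid -> {signature}."""
    by_pid = defaultdict(set)
    for sig, pids in hits.items():
        for pid in pids:
            by_pid[pid].add(sig)
    return by_pid


def find_write_then_unmap(rows, hits):
    """Triage heuristic (my own, not a tria.ge rule): a parent that renamed itself
    and wrote into a child which then unmapped its own main image."""
    by_pid = signatures_by_pid(hits)
    found = []
    for (writer, target), n in count_edges(rows).items():
        if ("Suspicious use of UnmapMainImage" in by_pid[target]
                and "Suspicious behavior: RenamesItself" in by_pid[writer]):
            found.append({"writer": writer, "target": target, "writes": n})
    return sorted(found, key=lambda f: (f["writer"], f["target"]))


if __name__ == "__main__":
    parsed = parse_wpm_rows(WPM_ROWS)
    print(count_edges(parsed))
    print(find_write_then_unmap(parsed, SIGNATURE_HITS))
```

Run as a script it prints one edge, 3048 to 1448 with four writes, and one heuristic hit for that pair. Feeding it the rows from a different report with several writer/target pairs gives one count per pair, which is easier to read than the repeated rows the page shows.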
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe (dropped file)
  Filesize: 194KB
  MD5: 0d4c426a32b1349b4af193a1145a6cc9
  SHA1: ded1af99d230e1cbef5dea53169392cfb7e8954c
  SHA256: 0fe48aadcf45d5d3c44fc719e8fe9083cca0e973495938844c431727113faf72
  SHA512: 9ee6b8d400cf8f59a141ad5e2cf4e16a09318b3343d3f35eea90e6d56b1becefd6a47a089acc9855097f797e1d53ca3ffaed0b1efb3c9bccd00e1c9ea958b2f7
  Note: this file has the same path and size as the submitted sample but different hashes, so the binary at that path after the run is not the one that was submitted.