Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13/05/2024, 18:52
Static task: static1
Behavioral task: behavioral1
  Sample: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
  Resource: win10v2004-20240426-en
General
Target: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
Size: 4.2MB
MD5: 29a6c9b3a26443f7a7d12457f0ffef7d
SHA1: 6b53187be7410a591aa090ecee0afddd96e1c52f
SHA256: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a
SHA512: 5c923b748d7a001b038e8ecfdfaa4a9a6eb804137b120bc7ffe0bc22d49c662713c4a06a9dc9e342f8f0024012711c5a1a1f91487bc32be8a60e859caca9f6d0
SSDEEP: 98304:Cmhd1UryeaAR7i3yVLUjH5oxFbxhVLUjH5oxFbx:Cl6sVUjZEdhVUjZEd
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 620, process 22BD.tmp
Executes dropped EXE (1 IoC)
  PID 620, process 22BD.tmp
Loads dropped DLL (2 IoCs)
  PID 2056, process 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
  PID 2056, process 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2056 wrote to memory of 620 | 2056 | 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe | 28
  PID 2056 wrote to memory of 620 | 2056 | 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe | 28
  PID 2056 wrote to memory of 620 | 2056 | 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe | 28
  PID 2056 wrote to memory of 620 | 2056 | 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe"
   PID: 2056
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\22BD.tmp (child of PID 2056)
      Command line: "C:\Users\Admin\AppData\Local\Temp\22BD.tmp" --splash C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe A77D828B4FA2E76A580FD72EBB856F3358593141BD664E9CFE5E67072912FDA7AA60E1D2C008775872CF461C79E63EBDA473AB7101F4BDE759C3FAC5296ED92B
      PID: 620
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 4.2MB
MD5: 9c07e8df0bc109e62ec5ceef1354f363
SHA1: fec476d903fe57322c38b117993b67fbe9009813
SHA256: e9ad2e729903483ba1524fc4e8ab3db0c52925884ccae36e1f2104a5a8969fe5
SHA512: 6e8f013468d0d5c7d119013e59c3d88624cd0f6ed9fe221de2420bc729f12972a8a59d64415a9a7f4a8c74965772d2583bca7101449b5499b031789e5dbe099d