Analysis
- max time kernel: 120s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 22/05/2024, 04:29
Static task: static1

Behavioral task: behavioral1
- Sample: a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83.exe
- Resource: win10v2004-20240426-en
General
- Target: a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83.exe
- Size: 79KB
- MD5: 7041a154286dca20650111d425cb5824
- SHA1: ee89d85ff5dbc86c7be778a19dd4e632b8b8ffff
- SHA256: a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83
- SHA512: 2364c836648b185f8d0f8b6ef8d5ed99b5f51b2a87532b9aec2ae74370f538fa2594962640dfa962cc08c75f76b4b2e148971e0ee7bbd845c450fa797568aa3c
- SSDEEP: 1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvgMa2GdqU7uy5w9WMyxN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2188, process [email protected]
- Loads dropped DLL (2 IoCs)
  pid 1628, process cmd.exe (2 identical entries)
- Suspicious use of WriteProcessMemory (8 IoCs)
  PID 1556 (a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83.exe) wrote to memory of 1628, procid_target 29 (4 identical entries)
  PID 1628 (cmd.exe) wrote to memory of 2188, procid_target 30 (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a3798ecd7730d0c121c5804c305813ead043861bfcb293d223a106e4477c9d83.exe"
  PID: 1556
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    PID: 1628
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2188
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: a80bec587dab9b92ceab34622e4b7219
  SHA1: b10b2d0a166d9af6dd20f4d56bdd94fc1ed19420
  SHA256: c41fb9db483fb45fa53989ed5fe6c8087e7e9eefd02ff233fea8b29ca3bd0034
  SHA512: f193840a71788d5947a76222c7c106a1cb43c062880cd988090d3da4f00d43824a5f59aafaae89a9bfe1b2c3219410a7c89a23102d02ed22d16eb5851b78f675