Analysis
  max time kernel: 117s
  max time network: 122s
  platform: windows7_x64
  resource: win7-20240221-en
  resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted: 09/06/2024, 11:57
Static task
  static1
Behavioral task
  behavioral1
    Sample: eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe
    Resource: win7-20240221-en
Behavioral task
  behavioral2
    Sample: eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe
    Resource: win10v2004-20240226-en
General
  Target: eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe
  Size: 662KB
  MD5: 38352e0d20637fe078598221810e87a5
  SHA1: 1095aa8c60cd784ba2f4b7cda6e1f9044a464393
  SHA256: eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd
  SHA512: ba22415551fa0434e31c25b0c0ba2bd8bb7c125de4e8d0da588999c457f5101736e38d9edd0992009d9f25d3ed3383b68878fdb3ad57744a1ed8026ff9f2a232
  SSDEEP: 12288:8X/6dDqPkhJhW4KlYdMTUA8j0q7g2iZ1gwrRSUgxpcpLHP9XM45XJ:+6dDqPk/QYdMTP2bwrwUSSDVcgXJ
Malware Config
Signatures
  Executes dropped EXE (1 IoCs)
    pid  | Process
    3016 | EXE7B38.tmp
  Loads dropped DLL (2 IoCs)
    pid  | Process
    1760 | eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe
    1760 | eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe
  Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  Suspicious use of SetWindowsHookEx (2 IoCs)
    pid  | Process
    3016 | EXE7B38.tmp
    3016 | EXE7B38.tmp
  Suspicious use of WriteProcessMemory (8 IoCs)
    description                        | pid  | Process                                                               | procid_target
    PID 1760 wrote to memory of 3016   | 1760 | eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe | 28
    PID 1760 wrote to memory of 3016   | 1760 | eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe | 28
    PID 1760 wrote to memory of 3016   | 1760 | eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe | 28
    PID 1760 wrote to memory of 3016   | 1760 | eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe | 28
    PID 3016 wrote to memory of 2564   | 3016 | EXE7B38.tmp                                                           | 29
    PID 3016 wrote to memory of 2564   | 3016 | EXE7B38.tmp                                                           | 29
    PID 3016 wrote to memory of 2564   | 3016 | EXE7B38.tmp                                                           | 29
    PID 3016 wrote to memory of 2564   | 3016 | EXE7B38.tmp                                                           | 29
Processes
  1. C:\Users\Admin\AppData\Local\Temp\eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe"
     PID: 1760
     - Loads dropped DLL
     - Suspicious use of WriteProcessMemory
     2. C:\Users\Admin\AppData\Local\Temp\EXE7B38.tmp (child of PID 1760)
        Command line: "C:\Users\Admin\AppData\Local\Temp\EXE7B38.tmp" "C:\Users\Admin\AppData\Local\Temp\OFM7B39.tmp" "C:\Users\Admin\AppData\Local\Temp\eebcbfa696c9f21dfac0985ff01717da284421a681301e45105224e4676479cd.exe"
        PID: 3016
        - Executes dropped EXE
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        3. C:\Windows\splwow64.exe (child of PID 3016)
           Command line: C:\Windows\splwow64.exe 12288
           PID: 2564
Network
MITRE ATT&CK Enterprise v15
Downloads
  Filesize: 192KB
  MD5: a8495549e3bf73da858a036ed8d232bd
  SHA1: 700f77e52984e3f9f5e411e03be2740a1e5c1f00
  SHA256: 8fa0bd2f6b2aafb63966ee3afc43dd4abd6bd81b32667509351fa41a3d84431f
  SHA512: ebfd2d47ade2627047fdf37c8c1edbde2ec06358f26503c36fce44020f48e3526d3460343f145aaf4b4d755fe3a1313b61c5b3762d38c1cdaa713e4cb6ef1432

  Filesize: 980KB
  MD5: 34cabedafaf5ce498d245242ac48670e
  SHA1: 7a78f2a64618448f8118203f3c7225f6f84622d0
  SHA256: 6dbefd357dc6ad020b5f4c7597312029094bdf9cc08bf2ae911bb2617ab28b39
  SHA512: 6801b911e4272093129cea416d4e8334250f6d393b4d634d251c22922f5c1906516cf53e2958011e7cb3e2a3e86ba74ea2547bbbcaba210db375ac0a6152fe18