Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 25/06/2024, 01:09
Behavioral task: behavioral1
Sample: 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
Resource: win10v2004-20240508-en
General
Target: 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
Size: 911KB
MD5: 18cee91dd765a2cb57b70126f43c7dc1
SHA1: 09d9165cbb09f16d0f7634c215deb164466c8169
SHA256: 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750
SHA512: 9215f5872258cd49932b68f19f070e54acf6c82bdd778774327caf527060247417a82227ac6927c8d05e3bf325f64ec9fd27ed20b7a2b9402e639cbafae4f0aa
SSDEEP: 24576:VEqr4MROxnF25bHKTlQarZlI0AilFEvxHibH:VEjMiwarZlI0AilFEvxHi
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
description | pid | Process | procid_target
PID 2032 wrote to memory of 2216 | 2032 | 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe | 28
PID 2032 wrote to memory of 2216 | 2032 | 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe | 28
PID 2032 wrote to memory of 2216 | 2032 | 77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe | 28
PID 2216 wrote to memory of 2600 | 2216 | csc.exe | 30
PID 2216 wrote to memory of 2600 | 2216 | csc.exe | 30
PID 2216 wrote to memory of 2600 | 2216 | csc.exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2032
  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
    Command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\116iqslm.cmdline"
    - Suspicious use of WriteProcessMemory
    PID: 2216
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
      Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1F93.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1F92.tmp"
      PID: 2600
Network
MITRE ATT&CK Matrix
Downloads