Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 04/07/2024, 00:35
Static task
static1
Behavioral task
behavioral1
Sample
2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
Resource
win10v2004-20240611-en
General
-
Target
2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
-
Size
200KB
-
MD5
a68eb08da5641393687ca0705e423db0
-
SHA1
48300a4854e2f573b0338281eddc19b777e401f1
-
SHA256
2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28
-
SHA512
a33454db305c3a349481f9527aa225ea3358015b5176b32908e968800258e553683304cdf7d6bd7604fa5ffc3e612fc4b600ccd3bd47002d3b09607f6a8c98e8
-
SSDEEP
6144:XdjUIplSG5LrSvcwc7yeLGzSCsddc8G1B7u:hFSv7eLsBAdTG1BC
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid / Process
2616 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
-
Executes dropped EXE 1 IoCs
pid / Process
2616 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
-
Loads dropped DLL 1 IoCs
pid / Process
1732 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
-
Suspicious behavior: RenamesItself 1 IoCs
pid / Process
1732 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
-
Suspicious use of UnmapMainImage 1 IoCs
pid / Process
2616 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description / pid / Process / procid_target
PID 1732 wrote to memory of 2616 / 1732 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe / 29
PID 1732 wrote to memory of 2616 / 1732 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe / 29
PID 1732 wrote to memory of 2616 / 1732 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe / 29
PID 1732 wrote to memory of 2616 / 1732 / 2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe / 29
Processes
-
PID:1732 (process tree level 1)
Image: C:\Users\Admin\AppData\Local\Temp\2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe"
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
PID:2616 (process tree level 2)
Image: C:\Users\Admin\AppData\Local\Temp\2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
Command line: C:\Users\Admin\AppData\Local\Temp\2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\2314accfaf747ef6c3063ee68ed2f91539faea3bb9a6bc1f97bada3f655feb28.exe
Filesize: 200KB
MD5: 3d8d7f51a46539ce782e912edf12c0cd
SHA1: cf83b8d34cec7cc979d924713b6a7619591640c7
SHA256: 27fc1b6901a468df2f04d17855d54c74419c307bdd4d51413c1f704709685e6a
SHA512: 1234b9df19ee95412c39500c095b4d07a1b8e93a096a8b23032cc5f26202f1e1bbab214cfdc88d3e7eee948c250648063c6f691eea7bc6d8c4adcd257c04c23c