Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 06/07/2024, 04:46
Static task: static1
Behavioral task: behavioral1
  Sample: 436f484d5f1c67635fa834259de77720.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 436f484d5f1c67635fa834259de77720.exe
  Resource: win10v2004-20240704-en
General
Target: 436f484d5f1c67635fa834259de77720.exe
Size: 4.4MB
MD5: 436f484d5f1c67635fa834259de77720
SHA1: ba4bda556a8028e005a4bc7009b65708d826b559
SHA256: 4af741425e72e424387538a3a01dbd11c05458c01067ccd7662ed4efaa122150
SHA512: 41cb31ef954e441e88bd1a5b053877f246ffa4b06cfe4fd73550ddac83d304cf4c63fd235e75dfb2f75828d1f903f5a3de7bf5abd9176d41d3df57aec8b7a9ad
SSDEEP: 98304:emhd1UryelLUmKlZyVRV7wQqZUha5jtSn:elFcZyVR2QbaZte
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 3004, process C0EF.tmp
- Executes dropped EXE (1 IoC)
  pid 3004, process C0EF.tmp
- Loads dropped DLL (2 IoCs)
  pid 2692, process 436f484d5f1c67635fa834259de77720.exe
  pid 2692, process 436f484d5f1c67635fa834259de77720.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2692 wrote to memory of 3004 | 2692 | 436f484d5f1c67635fa834259de77720.exe | 30
  PID 2692 wrote to memory of 3004 | 2692 | 436f484d5f1c67635fa834259de77720.exe | 30
  PID 2692 wrote to memory of 3004 | 2692 | 436f484d5f1c67635fa834259de77720.exe | 30
  PID 2692 wrote to memory of 3004 | 2692 | 436f484d5f1c67635fa834259de77720.exe | 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\436f484d5f1c67635fa834259de77720.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\436f484d5f1c67635fa834259de77720.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2692
   2. C:\Users\Admin\AppData\Local\Temp\C0EF.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\C0EF.tmp" --splash C:\Users\Admin\AppData\Local\Temp\436f484d5f1c67635fa834259de77720.exe C557EE3ED3AB402F4C458C758F714B42D2611E2B6F283BE8CACD186ACA363B5FE5E87025DD4C1C2319A8CC5377E11789153F814E7884B9D8EBA03A340250EE89
      - Deletes itself
      - Executes dropped EXE
      PID: 3004
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 4.4MB
  MD5: 46e043fc93362c4440cd6a387175e205
  SHA1: ec755b942ccd4a4a6f67ce43cba9530eebf253ff
  SHA256: 3ea6688d0e1534a072af2b05e1257dc81d593a94cd6e103efdb7989b2c918317
  SHA512: 7c51e10c8e21c54c6287831048ed01f4bbe10d2b4acc154471e5c271a6879d406b354f48cc8fe1d939e9228bacfa15be6594349fe4097ef5fffc70635b33e55b