Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 21s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 11/07/2024, 01:38
Behavioral task: behavioral1
- Sample: b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe
- Resource: win10v2004-20240704-en
General
- Target: b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe
- Size: 910KB
- MD5: 5156c02ba456505eb44557a77869bfe3
- SHA1: 02191371b5aaf6cebe08299c0860c44aed0cfbbc
- SHA256: b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95
- SHA512: 8be628a58be0a5bbacdf4a829718b8b4f11f902b1f2363d382525f078a6ef4214f859f4a470a12901a7e441fac6420bf2f79411a8d74fac9a62e5c011ab060ac
- SSDEEP: 12288:FLshHIzFBmqvjdFB7dG1lFlWcYT70pxnnaaoawuSIh4BBpGQrZNrI0AilFEvxHv7:Xrv4MROxnFf/i1rZlI0AilFEvxHiooY
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | process | procid_target
  PID 560 wrote to memory of 2724 | 560 | b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe | 29
  PID 560 wrote to memory of 2724 | 560 | b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe | 29
  PID 560 wrote to memory of 2724 | 560 | b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe | 29
  PID 2724 wrote to memory of 2824 | 2724 | csc.exe | 31
  PID 2724 wrote to memory of 2824 | 2724 | csc.exe | 31
  PID 2724 wrote to memory of 2824 | 2724 | csc.exe | 31
Processes
- C:\Users\Admin\AppData\Local\Temp\b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe"
  PID: 560
  Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
    Command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\8rvuoxwo.cmdline"
    PID: 2724
    Suspicious use of WriteProcessMemory
    - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
      Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2405.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2404.tmp"
      PID: 2824
Network
MITRE ATT&CK Matrix
Downloads