Analysis
max time kernel: 9s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 19/07/2024, 01:07
Behavioral task: behavioral1
Sample: 12d1020017fff59c924e555b2045ddc0.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 12d1020017fff59c924e555b2045ddc0.exe
Resource: win10v2004-20240709-en
General
Target: 12d1020017fff59c924e555b2045ddc0.exe
Size: 27KB
MD5: 12d1020017fff59c924e555b2045ddc0
SHA1: 6c4a77d49f82bf9d35aef64fe56b0e5f889a5783
SHA256: 13015a7268aa6a75597940c60c0361bd7fca6fc60223c95fc10c5274fa3fd3eb
SHA512: 18694c005420d0bfcb20dcff7cb395723fb54604df291a3e830331b48ffd1010412c398372fcf5e912b1ec9ae7b0f571a1448f622a870917d993c0c8c5d03eaf
SSDEEP: 384:aGpN5/SfmVoonJWpSu+Ip7JLyaBOEj63eVi06MCLGuiLKaPqS1m:fhZSoEpnp7JLyWWElhCSujaPS
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid: 2852  process: hhcbrnaff.exe

Loads dropped DLL (1 IoC)
  pid: 2368  process: 12d1020017fff59c924e555b2045ddc0.exe

YARA rule matches (signature name not captured in this extract)
  resource: behavioral1/files/0x00070000000120f9-14.dat  yara_rule: upx
  resource: behavioral1/memory/2852-15-0x0000000000400000-0x000000000040F000-memory.dmp  yara_rule: upx

Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2368  process: 12d1020017fff59c924e555b2045ddc0.exe
  pid: 2852  process: hhcbrnaff.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2368 wrote to memory of 2852  pid: 2368  process: 12d1020017fff59c924e555b2045ddc0.exe  procid_target: 30
  description: PID 2368 wrote to memory of 2852  pid: 2368  process: 12d1020017fff59c924e555b2045ddc0.exe  procid_target: 30
  description: PID 2368 wrote to memory of 2852  pid: 2368  process: 12d1020017fff59c924e555b2045ddc0.exe  procid_target: 30
  description: PID 2368 wrote to memory of 2852  pid: 2368  process: 12d1020017fff59c924e555b2045ddc0.exe  procid_target: 30
Processes

C:\Users\Admin\AppData\Local\Temp\12d1020017fff59c924e555b2045ddc0.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\12d1020017fff59c924e555b2045ddc0.exe"
  PID: 2368
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe (child of PID 2368)
    command line: "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
    PID: 2852
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 27KB
MD5: 44cc7bd2f7b4ef51a984d9469937cb24
SHA1: 0bc057d8ec1c9ffff75cf49e88e5604e7703b902
SHA256: 93854ade59389290fcf2947ad4b36ac3fd101dd241586921b6d8a5380af0c49e
SHA512: f3add3244c6a7ef3a5c7911ae884c6ff5494615a41b17171de6af3513f4ecc558a4b1f9ec1530a92dddbff751678cd6301ce663bb590746a95f78a2dc58a7cea