Analysis
max time kernel: 120s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 20/07/2024, 07:51
Static task: static1
Behavioral task: behavioral1
Sample: 696dc28f0674f41742355b3f2e167270N.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 696dc28f0674f41742355b3f2e167270N.exe
Resource: win10v2004-20240709-en
General
Target: 696dc28f0674f41742355b3f2e167270N.exe
Size: 39KB
MD5: 696dc28f0674f41742355b3f2e167270
SHA1: 8328d1843601bb6e4d44c70c7e156bd90f00913d
SHA256: b103827df422104e89b003c174c8442c879879b7ef886c943a3306b11f8d116f
SHA512: e544a7073a4df03b128c968d604f38774f67020a7f3921cf377ff4b3e5f2fdd05c9ccc5c3a764651480801d4eb4191a8f2eb3e2e58716bf9381d74cad4019971
SSDEEP: 192:jEdMPnwR2bCL8KktnAs7lp1FHif+SjInE6rNr5TdWooAeXR/V49d444UefDSwpIX:jFPnwR2Ca1lpvH6dMtRe5/J0
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2168  gert.exe
Loads dropped DLL (2 IoCs)
  pid   Process
  1380  696dc28f0674f41742355b3f2e167270N.exe
  1380  696dc28f0674f41742355b3f2e167270N.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                    pid   Process                                 procid_target
  PID 1380 wrote to memory of 2168  1380  696dc28f0674f41742355b3f2e167270N.exe  30
  PID 1380 wrote to memory of 2168  1380  696dc28f0674f41742355b3f2e167270N.exe  30
  PID 1380 wrote to memory of 2168  1380  696dc28f0674f41742355b3f2e167270N.exe  30
  PID 1380 wrote to memory of 2168  1380  696dc28f0674f41742355b3f2e167270N.exe  30
Processes
1. C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe"
   PID: 1380
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\gert.exe (child of PID 1380)
      Command line: "C:\Users\Admin\AppData\Local\Temp\gert.exe"
      PID: 2168
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 39KB
MD5: e6d545d3fec7aa2ed39ad316e42e6950
SHA1: d09bbf30046083494d89c079f8ead2337afbc2d1
SHA256: 40695e976d5185428f901f1aecaedc2387fa00d44d3432dd62b357c60146400d
SHA512: f769ef77ecbdd82f38739a1b8265534f6fff54e859d67a96e62038b95546953ef6c1a9c8536d442f153efe5af3957395b89b429b448db308c9bc5f83139cbc5d