Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
21/07/2024, 02:06
Static task
static1
Behavioral task
behavioral1
Sample
49a3d0b26fc91931ce43fc2fc51fe220N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
49a3d0b26fc91931ce43fc2fc51fe220N.exe
Resource
win10v2004-20240709-en
General
-
Target
49a3d0b26fc91931ce43fc2fc51fe220N.exe
-
Size
272KB
-
MD5
49a3d0b26fc91931ce43fc2fc51fe220
-
SHA1
2c3256237579c77c1c7b34faeb4db048e70e7f94
-
SHA256
be9c4ad379e677f95ef9c90b564662a2114864d64633b16f9bcc6c25f906d00b
-
SHA512
2dfacf0a0c69d7dcc9dc1c579be45891e6a981d49aad6ce42257ac39ffefbc1df56853980715811f11a94a6236b4ccaee8a3a839f80f3cf9c3d58c7b5d4cdfa9
-
SSDEEP
6144:mh+aGE8hUa0uNVQ7mfNPc1T9nHw+9yy6atBWOw:PFNVzPc1T9n/97tA
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2204 49a3d0b26fc91931ce43fc2fc51fe220N.exe -
Executes dropped EXE 1 IoCs
pid Process 2204 49a3d0b26fc91931ce43fc2fc51fe220N.exe -
Loads dropped DLL 1 IoCs
pid Process 2268 49a3d0b26fc91931ce43fc2fc51fe220N.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2268 49a3d0b26fc91931ce43fc2fc51fe220N.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2204 49a3d0b26fc91931ce43fc2fc51fe220N.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2268 wrote to memory of 2204 | 2268 | 49a3d0b26fc91931ce43fc2fc51fe220N.exe | 31
PID 2268 wrote to memory of 2204 | 2268 | 49a3d0b26fc91931ce43fc2fc51fe220N.exe | 31
PID 2268 wrote to memory of 2204 | 2268 | 49a3d0b26fc91931ce43fc2fc51fe220N.exe | 31
PID 2268 wrote to memory of 2204 | 2268 | 49a3d0b26fc91931ce43fc2fc51fe220N.exe | 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe "C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2204
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
272KB
MD5
10eb3277efed2956a81c020e842da589
SHA1
af0c33bee53c2dcf7834dcfa02ba22dff34f3d2a
SHA256
a081e2066df97e66541d8e6a507fa86804ec2dd776439031c605256ae84acb1b
SHA512
9a3cae4720c966fee5592fda36dab237db0e573c119cf1ed374d90ec5e0063b4cfbcfb7c1cc47193b58c319b0303516dbe155792daa7b7bdeb1bcb51de7eb9ef