Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 21/07/2024, 16:59
Static task: static1
Behavioral task: behavioral1
- Sample: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Resource: win10v2004-20240709-en
General
- Target: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Size: 203KB
- MD5: eedf148e075731d79b1183b1d2dd2fa0
- SHA1: b36258cb54f4dce3c8b9b345fbab120a389e62a2
- SHA256: 5a8b4a699d047db03d9da60e85de9306ff0d80c9d70378a8b33ba44ed6028206
- SHA512: 659fc19843b662da16c316e0e62a6e405e342d9be4d377919adc5ee6e2c76838cbc4856667e2406c32f33bece932b14841941ebf45653b380372239e708fb3f4
- SSDEEP: 6144:Zg4hF4N64dPfG4DwbiM1G7wsyi4y3G1B78:6kF4w4dGRV1G7wNiZG1BA
Malware Config
Signatures
- Deletes itself (1 IoC)
  - PID 2056, Process: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Executes dropped EXE (1 IoC)
  - PID 2056, Process: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Loads dropped DLL (1 IoC)
  - PID 2680, Process: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Suspicious behavior: RenamesItself (1 IoC)
  - PID 2680, Process: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Suspicious use of UnmapMainImage (1 IoC)
  - PID 2056, Process: eedf148e075731d79b1183b1d2dd2fa0N.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  - Description: PID 2680 wrote to memory of 2056; PID: 2680; Process: eedf148e075731d79b1183b1d2dd2fa0N.exe; procid_target: 31
  - Description: PID 2680 wrote to memory of 2056; PID: 2680; Process: eedf148e075731d79b1183b1d2dd2fa0N.exe; procid_target: 31
  - Description: PID 2680 wrote to memory of 2056; PID: 2680; Process: eedf148e075731d79b1183b1d2dd2fa0N.exe; procid_target: 31
  - Description: PID 2680 wrote to memory of 2056; PID: 2680; Process: eedf148e075731d79b1183b1d2dd2fa0N.exe; procid_target: 31
Processes
- C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe (PID 2680)
  - Command line: "C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe (PID 2056)
    - Command line: C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 203KB
- MD5: 2bd7041f6c1a2886ada4dcd26f59c629
- SHA1: 4781d985c4276b1119adb080c904b4577e9d7109
- SHA256: ad82dbe140298c13916c2636e6d9b2f2c0319eea3935e5c38a45ab14bbc2e29b
- SHA512: 4ddc951120468ab02a68d4352ed3878a8b428463a3bfaadb5199d46a1a1b38d849139a3757fe5513e985c7312d883697bbd42d50e6b4dc9d7a086faf14da35fb