Resubmissions

07/08/2024, 20:56

240807-zrenrsxekg 7

07/08/2024, 20:51

240807-znjhjstfpl 7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/08/2024, 20:56

General

  • Target

    debatabledanger.exe

  • Size

    14.3MB

  • MD5

    0c4445ac2ec945e2e7a9cb45356aae87

  • SHA1

    e03684decd9bda61dc6192badb269313c93f28c2

  • SHA256

    f575b694fb467125716113ed82145bd59de41d54e799a9941888e392b7b3bc42

  • SHA512

    074c2c9c4b7c277f4f5de57be63c74dc2fd5dad3075e11dc1622125269f4d22eee19332a09d1b8cc5f5a1ecc4b7d9f1730f1bf3ef8cd061484319f1e65c17de1

  • SSDEEP

    393216:NZd1gPYVnNSMiL2Vmd6mzc/e47G99m4oLGQL:51gPQsyVmdZumQL

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe
    "C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe
      "C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2652

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22722\python310.dll

    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81