Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 07/08/2024, 20:56
Behavioral task
behavioral1
Sample
debatabledanger.exe
Resource
win7-20240704-en
General
Target: debatabledanger.exe
Size: 14.3MB
MD5: 0c4445ac2ec945e2e7a9cb45356aae87
SHA1: e03684decd9bda61dc6192badb269313c93f28c2
SHA256: f575b694fb467125716113ed82145bd59de41d54e799a9941888e392b7b3bc42
SHA512: 074c2c9c4b7c277f4f5de57be63c74dc2fd5dad3075e11dc1622125269f4d22eee19332a09d1b8cc5f5a1ecc4b7d9f1730f1bf3ef8cd061484319f1e65c17de1
SSDEEP: 393216:NZd1gPYVnNSMiL2Vmd6mzc/e47G99m4oLGQL:51gPQsyVmdZumQL
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  pid: 2652, Process: debatabledanger.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 2652, Process: debatabledanger.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2272 wrote to memory of 2652 | 2272 | debatabledanger.exe | 31
  PID 2272 wrote to memory of 2652 | 2272 | debatabledanger.exe | 31
  PID 2272 wrote to memory of 2652 | 2272 | debatabledanger.exe | 31
Processes
C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe "C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2272
C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe "C:\Users\Admin\AppData\Local\Temp\debatabledanger.exe" 2⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2652
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 4.3MB
MD5: c80b5cb43e5fe7948c3562c1fff1254e
SHA1: f73cb1fb9445c96ecd56b984a1822e502e71ab9d
SHA256: 058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20
SHA512: faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81