
Resubmissions

02/09/2024, 14:00

240902-ra95ca1hnl 7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 14:00

General

  • Target

    EvilSide_Loader_v1.1.exe

  • Size

    566KB

  • MD5

    5848e33da82ed47b0afcaf46aec5de7e

  • SHA1

    c4be79f940dff8595e9ea4d1226de73768d0a105

  • SHA256

    265bb10413b15be42cf03007a417f5a0edb52d126418d554c4d745a282d73c40

  • SHA512

    282fff9a806c589f27afe19901f9fd147d6ed42bf169842e845f47655688b08016d778662aa68ac22503960a22e06285e82829806f0796bf428bb20ef812d758

  • SSDEEP

    12288:deV5Tjfj0w+/NZCHWj8KHD1af22Obh4nmbv:defjfAwkMHWT4n2v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EvilSide_Loader_v1.1.exe
    "C:\Users\Admin\AppData\Local\Temp\EvilSide_Loader_v1.1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
        PID:2324
      • C:\Users\Admin\AppData\Local\Temp\convar.exe
        "convar.exe"
        2⤵
        • Executes dropped EXE
        PID:2512
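The process tree above is the evidence behind the "Executes dropped EXE" and "Loads dropped DLL" signatures: the submitted loader (PID 2356) writes convar.exe into its own %TEMP% directory, runs cmd.exe /c cls, and then starts the dropped file as a child (PID 2512). The following script is an added example, not part of the tria.ge report or the sample itself. It models that tree as a constructed list of file-create and process-create events (the Event schema and field names are assumptions, not a sandbox or Sysmon format), flags any process whose image was written earlier in the trace, and checks a local file's digests against the MD5/SHA256 values listed in this report.

```python
"""Triage helpers for a sandbox report: flag execution of a dropped EXE from a
process/file event trace and compare a local file's hashes with the report's
IoCs. Added example; event records below are constructed from the process
tree in the report, not exported from the sandbox."""
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Digests copied from the report for the submitted file and the dropped convar.exe.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "EvilSide_Loader_v1.1.exe": {
        "md5": "5848e33da82ed47b0afcaf46aec5de7e",
        "sha256": "265bb10413b15be42cf03007a417f5a0edb52d126418d554c4d745a282d73c40",
    },
    "convar.exe": {
        "md5": "2b11fcb0e9dd21e6e383e95f42689304",
        "sha256": "8d90aa75447afbdb9ed6eb868ef0f60ad98fa59eeffcbbf9769887a0a3102653",
    },
}


@dataclass
class Event:
    """Hypothetical minimal event schema (assumption, not a real telemetry format)."""
    kind: str                  # "file_create" or "process_create"
    pid: int                   # writer (file_create) or new process (process_create)
    path: str                  # file written, or image path of the new process
    parent_pid: Optional[int] = None
    cmdline: str = ""


# Constructed from the report's tree: loader (2356) drops convar.exe, runs
# "cmd.exe /c cls" (2324), then executes the dropped file (2512).
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EVENTS: List[Event] = [
    Event("process_create", 2356, TEMP + r"\EvilSide_Loader_v1.1.exe", None,
          f'"{TEMP}\\EvilSide_Loader_v1.1.exe"'),
    Event("file_create", 2356, TEMP + r"\convar.exe"),
    Event("process_create", 2324, r"C:\Windows\system32\cmd.exe", 2356,
          r"C:\Windows\system32\cmd.exe /c cls"),
    Event("process_create", 2512, TEMP + r"\convar.exe", 2356, '"convar.exe"'),
]


def dropped_exe_executions(events: Iterable[Event]) -> List[dict]:
    """Mirror the 'Executes dropped EXE' signature: report every process_create
    whose image path was written by some process earlier in the same trace.
    Paths are normalised (case, separators) so C:\\temp\\X.EXE and c:/temp/x.exe match."""
    written_by: Dict[str, int] = {}   # normalised path -> pid that wrote it
    hits: List[dict] = []
    for ev in events:
        key = ntpath.normcase(ev.path)
        if ev.kind == "file_create":
            written_by[key] = ev.pid
        elif ev.kind == "process_create" and key in written_by:
            hits.append({
                "pid": ev.pid,
                "image": ev.path,
                "dropped_by": written_by[key],
                # True when the dropper itself launches the file, as in this report.
                "parent_is_dropper": ev.parent_pid == written_by[key],
            })
    return hits


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digest set the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def match_report_hashes(data: bytes, iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[str]:
    """Names of report entries whose every listed digest matches the given bytes."""
    digests = hash_bytes(data)
    return [name for name, known in iocs.items()
            if all(digests[algo] == value for algo, value in known.items())]


if __name__ == "__main__":
    for hit in dropped_exe_executions(SAMPLE_EVENTS):
        print("dropped EXE executed:", hit)
    # To check a local file: match_report_hashes(open(path, "rb").read())
```

Run against the constructed trace, the detector returns a single hit for PID 2512 with `dropped_by` 2356 and `parent_is_dropper` set, which is exactly the relationship the report's tree shows; the cmd.exe child is not flagged because its image was never written during the trace. Matching on all listed digests rather than MD5 alone avoids treating a collision-prone MD5 match as a confirmed sample identification.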

    Network

    MITRE ATT&CK Matrix

    Downloads

    • \Users\Admin\AppData\Local\Temp\convar.exe

      Filesize

      526KB

      MD5

      2b11fcb0e9dd21e6e383e95f42689304

      SHA1

      3b8de6f03f9af5f10dfb609032280db917e2bb86

      SHA256

      8d90aa75447afbdb9ed6eb868ef0f60ad98fa59eeffcbbf9769887a0a3102653

      SHA512

      870022efae373ff4d867e265bad1914720b8ee286eeb307e1e61aeafa821aa67782081f6b9c991e756dc279548ca3428ee0fa4a23640bce5ba861d5b3deffb44