Analysis
- max time kernel: 118s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 05/10/2024, 01:09
Behavioral task: behavioral1
- Sample: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe
- Resource: win7-20240729-en
General
- Target: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe
- Size: 5.9MB
- MD5: e95c0515d1d3bf9c2a6e0b20ba1ebd98
- SHA1: 8ca53ae3b33df086bd12d7fb31ada294f699bf9d
- SHA256: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f
- SHA512: 06b0513e21321ec3bf28b9ca8a5ab422e458fdf9a997c05cb3b3eeed0ca75d8f0586c0836cdf0c2d30f73937bda20a580e5903cc35238c4bc50cbffbb41ac705
- SSDEEP: 98304:i97mDSuXXOgRHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6nQek:ihmDZ5RHvUWvozWOxu9kXwvdbDlA03NE
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  - pid: 3012, Process: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe
- resource / yara_rule
  - resource: behavioral1/files/0x0005000000019c3c-21.dat, yara_rule: upx
  - resource: behavioral1/memory/3012-23-0x000007FEF7170000-0x000007FEF75DA000-memory.dmp, yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  - description: PID 2008 wrote to memory of 3012, pid: 2008, Process: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe, procid_target: 31
  - description: PID 2008 wrote to memory of 3012, pid: 2008, Process: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe, procid_target: 31
  - description: PID 2008 wrote to memory of 3012, pid: 2008, Process: 2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe, procid_target: 31
Processes
- C:\Users\Admin\AppData\Local\Temp\2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe "C:\Users\Admin\AppData\Local\Temp\2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe"
  PID:2008
  Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe "C:\Users\Admin\AppData\Local\Temp\2664862a4f87e91f92f17a26e6d0b0505db5a92720f2d7eb703e0f55a88eec3f.exe"
    PID:3012
    Loads dropped DLL
Downloads
- Filesize: 1.4MB
- MD5: b3ae142a88ff3760a852ba7facb901bc
- SHA1: ad23e5f2f0cc6415086d8c8273c356d35fa4e3ee
- SHA256: 2291ce67c4be953a0b7c56d790b6cc8075ec8166b1b2e05d71f684c59fdd91a5
- SHA512: 3b60b8b7197079d629d01440ed78a589c6a18803cc63cdeac1382dc76201767f18190e694d2c1839a72f6318e39dba6217c48a130903f72e47fa1db504810c1c