Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 08/10/2024, 10:55
Behavioral task: behavioral1
Sample: CBLines.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: CBLines.exe
Resource: win10v2004-20241007-en
General
Target: CBLines.exe
Size: 6.8MB
MD5: 3007ee10af667a5b7a08383e1075ffeb
SHA1: 235a92053da4068ffc5071f5c7283aabc1eacd15
SHA256: e461f6d4f4386add20a92e5e0a057b1b2373cf598ecb585f0b3c7a187070ad82
SHA512: b0a61f79c904d1cfec1c12a3335e8af04e6849671793f8dc2840d4f2b25f698b4712c576cf7228975fab72c820f5367f1822947eefb1db932e5c20de9cf32318
SSDEEP: 98304:EnkwN+MdA5wqMmSd8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLD:EnV1J+B6ylnlPzf+JiJCsmFMvcn6hVvX
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
pid     Process
2704    CBLines.exe

resource                                        yara_rule
behavioral1/files/0x00050000000193da-21.dat     upx

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid     Process        procid_target
PID 2740 wrote to memory of 2704     2740    CBLines.exe    30
PID 2740 wrote to memory of 2704     2740    CBLines.exe    30
PID 2740 wrote to memory of 2704     2740    CBLines.exe    30
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5: 1e76961ca11f929e4213fca8272d0194
SHA1: e52763b7ba970c3b14554065f8c2404112f53596
SHA256: 8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0
SHA512: ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b