Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19/12/2024, 12:33
Behavioral task: behavioral1
Sample: kovaks.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: kovaks.exe
Resource: win10v2004-20241007-en
General
Target: kovaks.exe
Size: 7.4MB
MD5: 6873f30c0eba5250298b8cff4cae3219
SHA1: 3d469ef32cf575ad30b49e37fb361d05f7a9f228
SHA256: cc5428bae6618b177dab013b8fedce5c389e72850a6fd2af9e20112743f6859b
SHA512: 140d31205fd6032f4936b3016fb3e641a93f34fa43d23db10e0cf2dd5ed5ea10819ca9b373eae1059b642d687e0e302fd172949b5f06bfb61cd2f6344875360f
SSDEEP: 98304:cbSibq7LA45urErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4E4TEGAuThA:cOMJwurErvI9pWjgfPvzm6gsFE4Th9y
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
  pid   Process
  1740  kovaks.exe

  resource                                       yara_rule
  behavioral1/files/0x0005000000019275-21.dat    upx

Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid  Process     procid_target
  PID 540 wrote to memory of 1740      540  kovaks.exe  31
  PID 540 wrote to memory of 1740      540  kovaks.exe  31
  PID 540 wrote to memory of 1740      540  kovaks.exe  31
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5: ccdbd8027f165575a66245f8e9d140de
SHA1: d91786422ce1f1ad35c528d1c4cd28b753a81550
SHA256: 503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971
SHA512: 870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311