Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
18/01/2025, 01:06
Static task
static1
Behavioral task
behavioral1
Sample
BstkDDU.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BstkDDU.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
BstkRT.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
BstkRT.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Factura nº 9194633.exe
Resource
win7-20240903-en
General
-
Target
Factura nº 9194633.exe
-
Size
1.6MB
-
MD5
28f954593b46b475f4a38135b0fa5280
-
SHA1
4ad163cdc14bcb4c25cd6e9881bd1c8c2b18d20d
-
SHA256
ea789703ffd411a8b7706f230e4f41b531d1beeb49de0b7221095461e33f06b8
-
SHA512
c9befe00750d25b9755676a988fe11308a03406e85f0e5113e0c89738e4440542fd1dcdaa6ca9144314cb7c4ee0f3e1647b3595d8917e57ffeb2e8b61e455a77
-
SSDEEP
49152:446QlvaBVVYm+dHcj06ri8aDiR1qS+IqblHo7nYKiUWjPgU9bAd7rmDaMiUffAq4:4fQlSBVVYm+dHcw6ri8aDiR1qS+Iqbl4
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2336 wrote to memory of 1636 2336 Factura nº 9194633.exe 32 PID 2336 wrote to memory of 1636 2336 Factura nº 9194633.exe 32 PID 2336 wrote to memory of 1636 2336 Factura nº 9194633.exe 32 PID 2336 wrote to memory of 1636 2336 Factura nº 9194633.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\Factura nº 9194633.exe"C:\Users\Admin\AppData\Local\Temp\Factura nº 9194633.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2336 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"2⤵PID:1636
-