Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel:  61s
max time network: 19s
platform:         windows7_x64
resource:         win7-20241010-en
resource tags:    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted:        11/02/2025, 06:45
Behavioral tasks
task         sample       resource
behavioral1  passwd.exe   win7-20241010-en
behavioral2  passwd.exe   win10v2004-20250207-en
behavioral3  szczur.exe   win7-20241010-en
behavioral4  szczur.exe   win10v2004-20250207-en
General
Target: szczur.exe
Size:   60.0MB
MD5:    9b7a4089dbad1e1e2b8a2a148ac3a74d
SHA1:   3aec6c418e70a5d2f5addbaa7095ce66e0a40aaf
SHA256: f5a543375778ed6ecd291be0c20651f0b176271cd0d48ccab7506d5a9b1f3f31
SHA512: e88384fbe0c048b35bf78fb6408ed6d9bc44898258a80bb4e417be8bd7c69dc1491f6132919237426b445718dffeec786655ab3a20c3fc049064bf5071c485e2
SSDEEP: 1572864:w2GKlEWjAOkiqOv8im2AzJE7Bbli0aVrwO:wnKa9OknOv8i3mSw0apw
Malware Config
Signatures
Loads dropped DLL (1 IoC)
pid   Process
2144  szczur.exe

YARA rule matches (yara_rule: upx)
resource                                                                       yara_rule
behavioral3/files/0x0003000000020b07-1153.dat                                  upx
behavioral3/memory/2144-1155-0x000007FEF5980000-0x000007FEF5F68000-memory.dmp  upx

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid   Process     procid_target
PID 3064 wrote to memory of 2144    3064  szczur.exe  30
PID 3064 wrote to memory of 2144    3064  szczur.exe  30
PID 3064 wrote to memory of 2144    3064  szczur.exe  30
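The two behavioural signatures above are simple correlations over the sandbox event stream: a tracked process writing into a different process's memory, and a process loading an image whose path a tracked process wrote earlier. The following is an added example (not Triage's own code or log format) that re-implements that logic over a constructed event list shaped after the report's IoC rows; the event schema, the parent pid 1000, the svchost.exe noise process and the dropped-DLL path are assumptions for illustration.

```python
"""Event correlation mirroring the two Triage signatures in this report.

Added example, not Triage's own code. EVENTS is constructed to resemble the
report's IoC rows (pids 3064 and 2144, image szczur.exe); the event schema,
the extra noise events and the dropped-file path are assumed.
"""
from collections import defaultdict

SAMPLE_IMAGE = "szczur.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"  # assumed path

# Constructed events, in the order the sandbox would have observed them.
EVENTS = [
    {"type": "process_start", "pid": 3064, "ppid": 1000, "image": "szczur.exe"},
    {"type": "process_start", "pid": 2144, "ppid": 3064, "image": "szczur.exe"},
    {"type": "file_write", "pid": 3064, "path": DROPPED_DLL},
    {"type": "write_process_memory", "pid": 3064, "target_pid": 2144},
    {"type": "write_process_memory", "pid": 3064, "target_pid": 2144},
    {"type": "write_process_memory", "pid": 3064, "target_pid": 2144},
    {"type": "load_image", "pid": 2144, "path": DROPPED_DLL},
    {"type": "load_image", "pid": 2144, "path": r"C:\Windows\System32\kernel32.dll"},
    # A write into the process's own address space is normal and must not count.
    {"type": "write_process_memory", "pid": 2144, "target_pid": 2144},
    # An unrelated system process outside the sample's tree must not count either.
    {"type": "process_start", "pid": 500, "ppid": 4, "image": "svchost.exe"},
    {"type": "load_image", "pid": 500, "path": r"C:\Windows\System32\kernel32.dll"},
]


def sample_process_tree(events, sample_image=SAMPLE_IMAGE):
    """Return the set of pids that run the sample image or descend from one."""
    children = defaultdict(list)
    roots = set()
    for ev in events:
        if ev["type"] == "process_start":
            children[ev["ppid"]].append(ev["pid"])
            if ev["image"].lower() == sample_image.lower():
                roots.add(ev["pid"])
    tree = set()
    stack = list(roots)
    while stack:
        pid = stack.pop()
        if pid in tree:
            continue
        tree.add(pid)
        stack.extend(children[pid])
    return tree


def suspicious_write_process_memory(events):
    """One IoC per cross-process memory write by a tracked process.

    Returns (writer_pid, target_pid) tuples; the report lists three such rows.
    """
    tree = sample_process_tree(events)
    return [
        (ev["pid"], ev["target_pid"])
        for ev in events
        if ev["type"] == "write_process_memory"
        and ev["pid"] in tree
        and ev["target_pid"] != ev["pid"]
    ]


def loads_dropped_dll(events):
    """One IoC per image load whose path a tracked process wrote beforehand.

    Event order matters: the file_write must precede the load_image.
    """
    tree = sample_process_tree(events)
    dropped = set()
    hits = []
    for ev in events:
        if ev["type"] == "file_write" and ev["pid"] in tree:
            dropped.add(ev["path"].lower())
        elif (ev["type"] == "load_image" and ev["pid"] in tree
              and ev["path"].lower() in dropped):
            hits.append((ev["pid"], ev["path"]))
    return hits


if __name__ == "__main__":
    print("process tree:", sorted(sample_process_tree(EVENTS)))
    for writer, target in suspicious_write_process_memory(EVENTS):
        print(f"PID {writer} wrote to memory of {target}")
    for pid, path in loads_dropped_dll(EVENTS):
        print(f"pid {pid} loaded dropped DLL {path}")
```

The tree restriction is what keeps the svchost.exe load and the self-write out of the results; without it, every DLL load on the machine would look like a "dropped DLL" hit once the path set grew.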
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5:      87b5d21226d74f069b5ae8fb74743236
SHA1:     153651a542db095d0f9088a97351b90d02b307ac
SHA256:   3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194
SHA512:   788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6