Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/03/2025, 14:34
General
-
Target
ff3caaf8fedc2a66a84495f0b66193b10f55c7b33f19b3c4913f6beefd4062d0.exe
-
Size
29KB
-
MD5
65f9bc6d305eeb8120fe975b912e77d9
-
SHA1
eb9393c07a1354b67cdf3cf8adc1a61144687c39
-
SHA256
ff3caaf8fedc2a66a84495f0b66193b10f55c7b33f19b3c4913f6beefd4062d0
-
SHA512
3b1dabf81089affd59837d1486b38db479460eb06da69f0e7e9940f8a8d2e6df41b0c9b53dc5bfc2e514148092a4e1bf25afb27cacded08c27562e6351520fab
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/r:AEwVs+0jNDY1qi/qT
Malware Config
Signatures
-
Detects MyDoom family 7 IoCs
-
MyDoom
MyDoom is a Worm that is written in C++.
-
Mydoom family
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ff3caaf8fedc2a66a84495f0b66193b10f55c7b33f19b3c4913f6beefd4062d0.exe"C:\Users\Admin\AppData\Local\Temp\ff3caaf8fedc2a66a84495f0b66193b10f55c7b33f19b3c4913f6beefd4062d0.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\services.exe"C:\Windows\services.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
288B
MD5bf867319b123f5baba26a6217102635e
SHA13df1160d6d79feebbd4322d949262908c3f7bfc9
SHA25616bc97a9059afcf976d3d8ae192ce1a76a04ee6f6ebd14fe60d74878bf1681d3
SHA5125f133b44377894e3775dad5b462a9767970863589b1b0cd72c041b6450d1da1ce17e3253463101e45e335df31276d3abc81046c7f81aec4f69b64b1650fca61a
-
Filesize
29KB
MD57dadda08b47cc1fd195774682c3f86c2
SHA1eaba1e676c0ad1e647ed212d8d7170dbacad9633
SHA25671ae19c6963c8e9f0f0b88161bbc8b2cc8e84cfab0ce9b013b70967c851bc681
SHA5121eb3fee09da5b4b766a849300f27f9e73abf4fab0530134e8c932288861a51af7d05b462fd573f66b81cd2f925d698fbbd9016c5f50a930ee755631d1a248e1e
-
Filesize
320B
MD561d32231cf5817cc3f3882a5fc186411
SHA167518cb78cad5eb27144d494ba4f244090bae2ed
SHA256ad3dad13150a0ea5140cb0e79ec4323e3d1a9563c7b8ecf33cac5aa633d6a7b3
SHA51279bcc8786f7b2db1cedef510591649466b2c264b36a6c709e47779796c8f9d99520168f52abbebd7790bdba23358e2eb61ce6b7238f8a41fb572b4c08f118a4e
-
Filesize
320B
MD5a8d20857934f072ce96195620b5dc38a
SHA11f4067a847e95b25a0a75034e8123b6a1c4abe85
SHA256a16b68db0dd7b3cf55ce7c80207d22d329d282446555223b8f025492b1645c71
SHA5126057faaa5a0371f904945b955f7c36b9b51a9d43048b86c81c17bbb3f097928ce6b63a66a3e3c58ab0e656b5a37c2053e71a687c4bcb97c2526735a7e3eba7d0
-
Filesize
8KB
MD5b0fe74719b1b647e2056641931907f4a
SHA1e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA5129c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB