Analysis
max time kernel: 170s
max time network: 179s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 09:48
Behavioral task behavioral1
Sample: 828ed0d273d9025e31ad1f17a92b620e.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 828ed0d273d9025e31ad1f17a92b620e.exe
Resource: win10v2004-20231215-en
General
Target: 828ed0d273d9025e31ad1f17a92b620e.exe
Size: 1.5MB
MD5: 828ed0d273d9025e31ad1f17a92b620e
SHA1: 06fb21c6b93c1eb0dade89e0e9c9d475538ca7f8
SHA256: dac1fb4c1d7439262c199a4b945c1b34573329098c693e1fff21b698e8ed4561
SHA512: f1576ef3e65d80b87c0dde67512786238ac4e4ad9425f1e49fb9cf7a4b865041b384c6578a30d62bfc8f0df7f00c97c98abdc2971b59dd6768001d897b1e3848
SSDEEP: 24576:puoHMxv1fcazFF+ZBocEYxmRD+ylrLiJ1rQj0DR1sTvocW:FQxzFF+ZacElF0vs0DR1sjoc
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 4908, Process 828ed0d273d9025e31ad1f17a92b620e.exe
- Executes dropped EXE (1 IoCs)
  pid 4908, Process 828ed0d273d9025e31ad1f17a92b620e.exe
- yara_rule matches
  resource behavioral2/memory/1424-0-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule upx
  resource behavioral2/files/0x000600000002321e-11.dat, yara_rule upx
  resource behavioral2/memory/4908-13-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 1424, Process 828ed0d273d9025e31ad1f17a92b620e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1424, Process 828ed0d273d9025e31ad1f17a92b620e.exe
  pid 4908, Process 828ed0d273d9025e31ad1f17a92b620e.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1424 wrote to memory of 4908; pid 1424; Process 828ed0d273d9025e31ad1f17a92b620e.exe; procid_target 89
  description: PID 1424 wrote to memory of 4908; pid 1424; Process 828ed0d273d9025e31ad1f17a92b620e.exe; procid_target 89
  description: PID 1424 wrote to memory of 4908; pid 1424; Process 828ed0d273d9025e31ad1f17a92b620e.exe; procid_target 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 1424
   2. C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 4908
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 377KB
MD5: 8340f745757568671663a50cd8fb7117
SHA1: 5fcc5e804258b8c2454b7b19aaecd8c226a434be
SHA256: 11d5b85f8a8282aa910618fe6158aa57b40b5baa69ce27827a6901ba8a796424
SHA512: 34797c846d45756b386cfe9734e7586c0fecddc1f9ce67a8ae6ff4903d8b3469b7465a05ca6a8f1292fdac58379ff3b790503cf3d261a1f718991470a908858a