Analysis
max time kernel: 170s
max time network: 181s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 12:57
Behavioral task: behavioral1
Sample: 9374ca415443e99ad29fd646b4ab6312.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 9374ca415443e99ad29fd646b4ab6312.exe
Resource: win10v2004-20231215-en
General
Target: 9374ca415443e99ad29fd646b4ab6312.exe
Size: 353KB
MD5: 9374ca415443e99ad29fd646b4ab6312
SHA1: c3ac1b6fbd17eef29158ddce3455c1789e8617f4
SHA256: 898b92b4faaa6403e96d7e4177990d62e59e734fb02be83a7de654b428879a9c
SHA512: 49878aa18d83adce7ce82e55343e295adade3ba74335d986c9a0a6d76e9323844353e12df27c5933749d95bcfa7ef453c55637c7c04227d90976dcbe94c83538
SSDEEP: 6144:H5xAZ2q3eaisJ3+w9auAB723qd2x2AXXuuVSUnj41/YdxfsLPrPwo+:IaTYuw9aBWeA2L1Unj4VYTfmE
Malware Config

Signatures
- Deletes itself (1 IoCs)
  pid   Process
  4812  9374ca415443e99ad29fd646b4ab6312.exe

- Executes dropped EXE (1 IoCs)
  pid   Process
  4812  9374ca415443e99ad29fd646b4ab6312.exe

- YARA rule matches (rule: upx)
  resource                                                                     yara_rule
  behavioral2/memory/4988-0-0x0000000000400000-0x00000000004F1000-memory.dmp   upx
  behavioral2/files/0x000600000001e71b-12.dat                                  upx
  behavioral2/memory/4812-13-0x0000000000400000-0x00000000004F1000-memory.dmp  upx

- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  4988  9374ca415443e99ad29fd646b4ab6312.exe

- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  4988  9374ca415443e99ad29fd646b4ab6312.exe
  4812  9374ca415443e99ad29fd646b4ab6312.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                               procid_target
  PID 4988 wrote to memory of 4812   4988  9374ca415443e99ad29fd646b4ab6312.exe  88
  PID 4988 wrote to memory of 4812   4988  9374ca415443e99ad29fd646b4ab6312.exe  88
  PID 4988 wrote to memory of 4812   4988  9374ca415443e99ad29fd646b4ab6312.exe  88
Processes
1. C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe"
   PID: 4988
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe (child of PID 4988)
      Command line: C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
      PID: 4812
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 353KB
  MD5: d95f39f75ccbf99fca5795294a258cb7
  SHA1: 7d2736b466c1019db168f847292bdda9017a59f3
  SHA256: 6db020d98c53a293b507cec91d0ffdd864102e205d115eff20ce6179c3c7ec60
  SHA512: 907412fd47599b74b1a7762dfd856b91f128a26f64f257fe834e163766059e42a510d68160f3949a86b8485e9b514e934d254c0e6a0f3c95dda6e6369bff5a7e