Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 14:23
Behavioral task: behavioral1
Sample: bfa6206583f26651f0f5432b1d41bd49.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: bfa6206583f26651f0f5432b1d41bd49.exe
Resource: win10v2004-20231215-en
General
Target: bfa6206583f26651f0f5432b1d41bd49.exe
Size: 5.3MB
MD5: bfa6206583f26651f0f5432b1d41bd49
SHA1: 40784f452e76b7a701c34a5bc9fe3d53ae9ca004
SHA256: 3744359b038fd119bd7ceb27388c11057fd1d73078eb7176e8b842a7a401615d
SHA512: a8991703e680a5d9fd050556a1edf913a5609a54eb8c5e7e9f952c855453381bedf93da7f21da514fea061899073d2e4dad62b7ca6a0aba25e95d4b99d240936
SSDEEP: 98304:C1zJd6ZHzfmxNqAznHjx3cksmvOnhzfmxNqAzn:zzQzbJcxnhzQzb
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 844, bfa6206583f26651f0f5432b1d41bd49.exe
- Executes dropped EXE (1 IoC)
  pid 844, bfa6206583f26651f0f5432b1d41bd49.exe
- yara_rule upx (3 IoCs; the signature title is absent from the page, only the rule name survives)
  behavioral2/memory/2264-0-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral2/files/0x00070000000231fc-13.dat
  behavioral2/memory/844-15-0x0000000000400000-0x000000000086A000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2264, bfa6206583f26651f0f5432b1d41bd49.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2264, bfa6206583f26651f0f5432b1d41bd49.exe
  pid 844, bfa6206583f26651f0f5432b1d41bd49.exe
- Suspicious use of WriteProcessMemory (3 IoCs, three identical entries)
  PID 2264 (bfa6206583f26651f0f5432b1d41bd49.exe) wrote to memory of PID 844, procid_target 89
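The three `upx` rule hits above (both process memory dumps and the dropped file) come from a YARA match; the static check behind such a match is easy to reproduce. The following is an added example, not code from tria.ge or from the sample: a standard-library PE section-table walk that reports UPX-style section names, whether the entry point sits in UPX1 (where the decompressor stub lives in a stock UPX build) and which sections are mapped writable and executable. The PE images it parses are constructed, headers-only files; the packed layout is sized from the report's 0x400000-0x86A000 module range but is not the sample's real layout.

```python
"""UPX section check for a PE file, using only the standard library.

Added example, not code from tria.ge or from the sample. A stock UPX build
renames the sections to UPX0/UPX1/UPX2, puts the entry point (the decompressor
stub) in UPX1 and marks UPX0/UPX1 readable, writable and executable, so all
three properties are inspected. The PE images built below are constructed,
headers-only inputs for the demonstration.
"""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"      # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data: bytes):
    """Walk DOS -> NT -> optional header and return (entry_rva, sections).

    Each section is (name, virtual_address, virtual_size, characteristics)."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    optional = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, optional + 16)[0]  # AddressOfEntryPoint
    table = optional + size_of_optional                        # section table follows
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, data, table + i * struct.calcsize(SECTION_FMT))
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, f[2], f[1], f[9]))   # VirtualAddress, VirtualSize, Characteristics
    return entry_rva, sections


def section_for_rva(sections, rva):
    """Name of the section whose virtual range contains rva, or None."""
    for name, va, vsize, _ in sections:
        if va <= rva < va + vsize:
            return name
    return None


def check_upx(data: bytes) -> dict:
    """Report UPX-style section naming, entry-point placement and RWX sections."""
    entry_rva, sections = parse_sections(data)
    names = [s[0] for s in sections]
    rwx = [n for n, _, _, c in sections
           if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE]
    entry_section = section_for_rva(sections, entry_rva)
    return {
        "sections": names,
        "entry_section": entry_section,
        "rwx_sections": rwx,
        # strict verdict: UPX names present AND the entry point lives in UPX1
        "upx_packed": any(n.startswith("UPX") for n in names) and entry_section == "UPX1",
    }


def build_minimal_pe(sections, entry_rva: int) -> bytes:
    """Constructed test input: a PE32 consisting of headers and a section table only."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew: NT headers follow the DOS header
    size_of_optional = 0xE0                         # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", optional, 16, entry_rva)
    table = b"".join(
        struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), vsize, va, 0, 0, 0, 0, 0, 0, chars)
        for name, va, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table


# Constructed layouts (not the sample's): a UPX-style image and a normal one.
PACKED_PE = build_minimal_pe(
    [("UPX0", 0x001000, 0x3F0000, 0xE0000080),
     ("UPX1", 0x3F1000, 0x078000, 0xE0000040),
     ("UPX2", 0x469000, 0x001000, 0xC0000040)], entry_rva=0x467F80)
CLEAN_PE = build_minimal_pe(
    [(".text", 0x1000, 0x2000, 0x60000020),
     (".rdata", 0x3000, 0x1000, 0x40000040),
     (".data", 0x4000, 0x1000, 0xC0000040)], entry_rva=0x1234)

if __name__ == "__main__":
    for label, pe in (("packed", PACKED_PE), ("clean", CLEAN_PE)):
        print(label, check_upx(pe))
```

Section names are a weak indicator on their own, since a repacker can rename them with a hex editor; production rules also look for the `UPX!` marker and the decompressor stub bytes. The in-memory dumps match here because a UPX-packed image keeps the packed file's section headers after the stub unpacks the code in place.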
Processes
1. C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe"
   PID: 2264
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe (child of PID 2264)
      command line: C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe
      PID: 844
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
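The process tree shows one image path appearing twice (2264 spawns 844 from the same path), the parent writing into the child's memory, and the child deleting the file. The following is an added example, not tria.ge code, that turns that chain into a detection over Sysmon-style records: ProcessCreate (EventID 1), ProcessAccess (EventID 10) and FileDelete (EventID 23). It fires on the combination and stays quiet on a plain same-image spawn, which browsers and other multi-process applications do constantly. The event records are constructed for the example; field names follow Sysmon's schema, the PIDs 2264/844 and the image path come from the report, and everything else (the explorer parent PID, the GrantedAccess masks, the hypothetical browser control) is made up.

```python
"""Detect the self-replacement chain from this report in Sysmon-style events.

Added example; not tria.ge code. The constructed records below use Sysmon's
field names. PIDs 2264/844 and the image path are from the report; the
explorer parent PID, access masks and the browser control are invented.
"""
from collections import defaultdict

PROCESS_VM_OPERATION = 0x0008   # VirtualAllocEx / VirtualProtectEx
PROCESS_VM_WRITE = 0x0020       # WriteProcessMemory
INJECT_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE


def norm_path(path: str) -> str:
    """Compare image paths case-insensitively and without surrounding quotes."""
    return path.strip('"').lower()


def detect_self_replacement(events):
    """Return one finding per child that was self-spawned AND either written to
    by its parent or deleted its own (or its parent's) image file."""
    self_spawns = {}             # child pid -> ProcessCreate with Image == ParentImage
    writers = defaultdict(set)   # target pid -> source pids granted VM_WRITE/VM_OPERATION
    deleted = defaultdict(set)   # pid -> normalised paths it deleted
    for ev in events:
        eid = ev["EventID"]
        if eid == 1 and norm_path(ev["Image"]) == norm_path(ev["ParentImage"]):
            self_spawns[ev["ProcessId"]] = ev
        elif eid == 10 and int(ev["GrantedAccess"], 16) & INJECT_RIGHTS:
            writers[ev["TargetProcessId"]].add(ev["SourceProcessId"])
        elif eid == 23:
            deleted[ev["ProcessId"]].add(norm_path(ev["TargetFilename"]))

    findings = []
    for pid, ev in self_spawns.items():
        parent = ev["ParentProcessId"]
        evidence = ["self-spawn"]
        if parent in writers[pid]:
            evidence.append("parent-wrote-child-memory")
        if deleted[pid] & {norm_path(ev["Image"]), norm_path(ev["ParentImage"])}:
            evidence.append("child-deleted-own-image")
        if len(evidence) > 1:    # a bare same-image spawn is too common to alert on
            findings.append({"child": pid, "parent": parent,
                             "image": ev["Image"], "evidence": evidence})
    return findings


SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\bfa6206583f26651f0f5432b1d41bd49.exe"
BROWSER = r"C:\Program Files\Browser\browser.exe"   # hypothetical benign control
SAMPLE_EVENTS = [  # constructed, see module docstring
    {"EventID": 1, "ProcessId": 2264, "Image": SAMPLE_PATH,
     "ParentProcessId": 3412, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 844, "Image": SAMPLE_PATH,
     "ParentProcessId": 2264, "ParentImage": SAMPLE_PATH},
    {"EventID": 10, "SourceProcessId": 2264, "TargetProcessId": 844,
     "GrantedAccess": "0x1FFFFF"},                  # PROCESS_ALL_ACCESS
    {"EventID": 23, "ProcessId": 844, "TargetFilename": SAMPLE_PATH},
    {"EventID": 1, "ProcessId": 5100, "Image": BROWSER,
     "ParentProcessId": 5000, "ParentImage": BROWSER},
    {"EventID": 10, "SourceProcessId": 5000, "TargetProcessId": 5100,
     "GrantedAccess": "0x1000"},                    # PROCESS_QUERY_LIMITED_INFORMATION only
]

if __name__ == "__main__":
    for finding in detect_self_replacement(SAMPLE_EVENTS):
        print(finding)
```

The access-mask test is what separates the two same-image spawns: the browser parent only holds query rights on its renderer, whereas 2264 holds rights that include VM_WRITE on 844, matching the report's WriteProcessMemory signature. Sysmon Event 10 needs a configuration that logs ProcessAccess for the target image, or it will not be present to match.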
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 323KB
MD5: b698292390207d1fffd425e457ca0eb8
SHA1: 65fe2dcaca1a625bffce41435d0efe8f4c201b88
SHA256: ae3241f7c0f2452c30986741fd634eb543f5caff8528353861c3e7b7e40a79bf
SHA512: 064270d6f0dad43518c1c15fbea3876a4dfb9d96a0cc914b90a6f1db456d82cc612b1a9040f157dd67d6bed564e85788769981bc2124d739e8eb4e828a854e6f