Analysis
max time kernel: 212s
max time network: 223s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 17:07
Behavioral task: behavioral1
Sample: fb74545217334bfa2f3cb43fc264e268.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: fb74545217334bfa2f3cb43fc264e268.exe
Resource: win10v2004-20231215-en
General
Target: fb74545217334bfa2f3cb43fc264e268.exe
Size: 2.9MB
MD5: fb74545217334bfa2f3cb43fc264e268
SHA1: 54ec90eeb75c7ea3f1650c07cc0a861526867476
SHA256: 248d1f2e4137c8397f44d7aeb3e46b194675304e421e12522c8c7afbba026935
SHA512: 4fd15017101eb7b22fba3486ca3e3cfe0295743ae9d009558f4ac6b769ef9aaf49b6cb04a5a4007e853a04afcd0c803f3c7b0bd828ce6a4d1a374299bfdcd83e
SSDEEP: 49152:7wVHSYKHqDDM9H+BhbndPpDVj9rFh6a7m2Ya2xn+95xy+xrKrdHWqPLD3g:7ay5qU9yf/BFh6iRYzxn+cErKrd2+g
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid | Process
  3500 | fb74545217334bfa2f3cb43fc264e268.exe
- Executes dropped EXE (1 IoCs)
  pid | Process
  3500 | fb74545217334bfa2f3cb43fc264e268.exe
- YARA rule matches
  resource | yara_rule
  behavioral2/memory/5056-0-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  behavioral2/files/0x0008000000023204-11.dat | upx
  behavioral2/memory/3500-13-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  5056 | fb74545217334bfa2f3cb43fc264e268.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  5056 | fb74545217334bfa2f3cb43fc264e268.exe
  3500 | fb74545217334bfa2f3cb43fc264e268.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 5056 wrote to memory of 3500 | 5056 | fb74545217334bfa2f3cb43fc264e268.exe | 92
  PID 5056 wrote to memory of 3500 | 5056 | fb74545217334bfa2f3cb43fc264e268.exe | 92
  PID 5056 wrote to memory of 3500 | 5056 | fb74545217334bfa2f3cb43fc264e268.exe | 92
Processes
- C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe"
  PID: 5056
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe
    PID: 3500
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.2MB
  MD5: e7204a90bf9cd70b6414d0f6cb7a8bfd
  SHA1: 40eef354c4ed3cf1d42c2f50f70a1895117221d6
  SHA256: f20eecb0a03b5c01792fae927bbded399fddc5fb10c42d0bf44b97470a8dbf99
  SHA512: d7cceab053db386285f70d89ffedb4c2a80ccb9f516348506a063950327655ebac00ceff0e3dc5b91a826a99bbb696844eb7ac31a73529f528a148bfb853e921