Analysis
- max time kernel: 142s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/12/2023, 17:21
Behavioral task: behavioral1
- Sample: ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- Resource: win10v2004-20231215-en
General
- Target: ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- Size: 5.8MB
- MD5: ff76cc5bb7aaecbdbdde6ae592b0ef0a
- SHA1: 87456fcd211d949fcc1c131eb7f02fda318b20dc
- SHA256: e6e7a0f2da53e04d64599a85d4487c44c6e983af58c34d95bce7dc9fc93391ea
- SHA512: 447051cb18ebb572cfefc809f10373fb4e6743ab4584eeec8abb212b702b7f683e31078ce6befbda6dd87f4c2ce76b6e33da3a87f0cdd18d3d49fefe5b17e7ec
- SSDEEP: 98304:vem/1gwg8L54HBUCczzM3dO/rQy+IJUTo4HBUCczzM3:vxdgCuWCByrh+HWC
Malware Config
Signatures (all hits are from behavioral2, the win10v2004 task)
- Deletes itself (1 IoC)
  pid 3372, process ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- Executes dropped EXE (1 IoC)
  pid 3372, process ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- UPX packed file (3 IoCs, yara rule upx)
  behavioral2/memory/1032-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral2/files/0x0006000000023221-11.dat
  behavioral2/memory/3372-13-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1032, process ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1032, process ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
  pid 3372, process ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 1032 wrote to memory of 3372, process ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe, procid_target 90 (three separate writes into the same child)
Processes
- C:\Users\Admin\AppData\Local\Temp\ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe "C:\Users\Admin\AppData\Local\Temp\ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe" (PID 1032)
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe C:\Users\Admin\AppData\Local\Temp\ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe (PID 3372, child of 1032)
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
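The Signatures and Processes sections describe one chain: the first instance (PID 1032) renames itself, spawns a second instance of the same image (PID 3372), writes into its memory three times, and the child then unmaps its own main image and deletes the file it ran from. The following script is an added example for this page, not code from tria.ge or from the report itself. It transcribes the report's signature rows and process tree into Python and correlates them into that parent-writes-into-child-then-child-unmaps pattern; the row layout, the helper names and the chain rule are this example's own assumptions, and the rows carry no timestamps, so the grouping is by PID rather than a true timeline.

```python
"""Correlate Triage signature rows with the process tree.

Added example for this report page, not tria.ge tooling. The event rows
and the tree are transcribed from the Signatures and Processes sections
above; field layout and the chain heuristic are this example's own.
"""
from collections import Counter, defaultdict

SAMPLE = "ff76cc5bb7aaecbdbdde6ae592b0ef0a.exe"

# (signature, pid, target_pid) transcribed from the report's Signatures
# section; target_pid is None for rows that describe the process itself.
REPORT_EVENTS = [
    ("Suspicious behavior: RenamesItself", 1032, None),
    ("Suspicious use of UnmapMainImage", 1032, None),
    ("Suspicious use of WriteProcessMemory", 1032, 3372),
    ("Suspicious use of WriteProcessMemory", 1032, 3372),
    ("Suspicious use of WriteProcessMemory", 1032, 3372),
    ("Executes dropped EXE", 3372, None),
    ("Suspicious use of UnmapMainImage", 3372, None),
    ("Deletes itself", 3372, None),
]

# child pid -> parent pid from the Processes section (1032 is the root).
PROCESS_TREE = {1032: None, 3372: 1032}

# Image path per pid from the Processes section; both run the same file.
IMAGE_PATH = {
    1032: r"C:\Users\Admin\AppData\Local\Temp\\" + SAMPLE,
    3372: r"C:\Users\Admin\AppData\Local\Temp\\" + SAMPLE,
}


def signatures_by_pid(events):
    """Group signature rows by pid, keeping the report's row order."""
    per_pid = defaultdict(list)
    for sig, pid, target in events:
        per_pid[pid].append(sig if target is None else f"{sig} -> {target}")
    return dict(per_pid)


def cross_process_writes(events):
    """Count WriteProcessMemory rows per (writer pid, target pid)."""
    return Counter(
        (pid, target)
        for sig, pid, target in events
        if sig == "Suspicious use of WriteProcessMemory" and target is not None
    )


def write_then_unmap_chains(events, tree):
    """(parent, child) pairs where the parent wrote into a child it spawned
    and that child also unmapped its own main image. This is the example's
    own heuristic for reading the report, not a Triage signature."""
    writes = cross_process_writes(events)
    unmapped = {pid for sig, pid, _ in events
                if sig == "Suspicious use of UnmapMainImage"}
    return [
        (writer, target)
        for (writer, target) in sorted(writes)
        if tree.get(target) == writer and target in unmapped
    ]


def same_image_respawn(tree, images):
    """Child pids whose image path equals their parent's (self-respawn)."""
    return sorted(c for c, p in tree.items()
                  if p is not None and images.get(c) == images.get(p))


if __name__ == "__main__":
    for pid, sigs in signatures_by_pid(REPORT_EVENTS).items():
        print(pid, IMAGE_PATH[pid].rsplit("\\", 1)[-1])
        for s in sigs:
            print("   ", s)
    print("cross-process writes:", dict(cross_process_writes(REPORT_EVENTS)))
    print("write-then-unmap chains:",
          write_then_unmap_chains(REPORT_EVENTS, PROCESS_TREE))
    print("same-image respawn:", same_image_respawn(PROCESS_TREE, IMAGE_PATH))
```

Run as-is to print the per-PID grouping and the correlated pairs; to reuse it on another Triage report, replace the three transcribed tables. The heuristic deliberately requires both the parent-to-child write and the child's UnmapMainImage row, since either alone (installers, debuggers, some packers) is common in benign software.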
-
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 148KB
  MD5: 5d0acbf1b04bf75b3efae95260066adb
  SHA1: a43e0d60a3d32714c757b5f65687c138e6c88c81
  SHA256: 9ee030e424dbaf1d8d92bfa67f4acb7af515d1085811754d8aaaba8e9ad8fa4d
  SHA512: 94e60b8980287752945241e90c88aa8e2e389ce53e738a5f71f8127306f19bc2f341e5592886c6aa669ab4c721e906d39bca461ff4b9cfbe46418ecdda9a94a6