Analysis
max time kernel: 142s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 12:24
Behavioral task: behavioral1
Sample: 1e1bb50d1b247baf60f2243e42760efd.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 1e1bb50d1b247baf60f2243e42760efd.exe
Resource: win10v2004-20231215-en
General
Target: 1e1bb50d1b247baf60f2243e42760efd.exe
Size: 1010KB
MD5: 1e1bb50d1b247baf60f2243e42760efd
SHA1: dce135f07d0e3263f586778b0ed2608863ba423a
SHA256: 533d962d2084f6306f40dca33c5a5a0a8408e61adc24b95fb13fccc161d178d7
SHA512: 5d70940a91bcbaceb1f97f37a2ede74afed15b78728ed7d02ebb4e2f6c18b536d2d8e3fee21ceee61332dac3dac7f95cb890419958213e293bd11c9762c931f0
SSDEEP: 12288:Vnjp8km4egkhfFYTfm6hiYc5plDFwrilMiYTfm:jvmfBmfduvlB7lbmf
Malware Config
Signatures

Deletes itself (1 IoC)
pid   Process
3416  1e1bb50d1b247baf60f2243e42760efd.exe

Executes dropped EXE (1 IoC)
pid   Process
3416  1e1bb50d1b247baf60f2243e42760efd.exe

YARA rule `upx` matched (3 resources)
resource                                                                     yara_rule
behavioral2/memory/2372-0-0x0000000000400000-0x00000000004F1000-memory.dmp   upx
behavioral2/files/0x0006000000023239-12.dat                                  upx
behavioral2/memory/3416-14-0x0000000000400000-0x00000000004F1000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
2372  1e1bb50d1b247baf60f2243e42760efd.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
2372  1e1bb50d1b247baf60f2243e42760efd.exe
3416  1e1bb50d1b247baf60f2243e42760efd.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process                               procid_target
PID 2372 wrote to memory of 3416   2372  1e1bb50d1b247baf60f2243e42760efd.exe  93
PID 2372 wrote to memory of 3416   2372  1e1bb50d1b247baf60f2243e42760efd.exe  93
PID 2372 wrote to memory of 3416   2372  1e1bb50d1b247baf60f2243e42760efd.exe  93
Processes

1. C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe"
   PID: 2372
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe (child of PID 2372)
      Command line: C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
      PID: 3416
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
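The chain above (PID 2372 renames itself, launches a second copy from the same path as PID 3416, writes into that child's memory, and both processes unmap their main image while the `upx` YARA rule matches the same 0x400000-0x4F1000 region in both dumps) is the kind of pattern an analyst would want to pick out of a report automatically. The Python below is an added example, not Triage's code or export format: it parses the memory-dump resource names exactly as they appear in the Signatures section, groups the `upx` matches by address range and PID, and flags a same-image re-execution with a memory write from parent to child. The event records and their field names (`process_create`, `write_process_memory`, `unmap_main_image`, and so on) are constructed to mirror the report's signatures; the parent PID 1000 of the first process is assumed, since the report does not show it.

```python
"""Two checks over the evidence in the Triage report above.

Added example; not Triage's code or export schema. Memory-dump resource names
are copied from the report; the process EVENTS and their field names are
CONSTRUCTED to mirror the report's signatures (PIDs 2372 and 3416).
"""
import re
from collections import defaultdict

# --- 1. Triage memory-dump names: "<task>/memory/<pid>-<idx>-<start>-<end>-memory.dmp"
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)

def parse_dump_name(name):
    """Split a memory-dump resource name into fields; None for non-dump resources."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    return {"task": m["task"], "pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": int(m["start"], 16), "end": int(m["end"], 16)}

def regions_by_rule(yara_hits, rule="upx"):
    """Map each (start, end) region whose dump matched `rule` to the set of PIDs.
    One region shared by parent and child means the same packed image lives in both."""
    out = defaultdict(set)
    for resource, matched in yara_hits:
        d = parse_dump_name(resource)
        if matched == rule and d is not None:
            out[(d["start"], d["end"])].add(d["pid"])
    return dict(out)

# YARA hits exactly as listed in the report's Signatures section.
YARA_HITS = [
    ("behavioral2/memory/2372-0-0x0000000000400000-0x00000000004F1000-memory.dmp", "upx"),
    ("behavioral2/files/0x0006000000023239-12.dat", "upx"),
    ("behavioral2/memory/3416-14-0x0000000000400000-0x00000000004F1000-memory.dmp", "upx"),
]

# --- 2. Process events (CONSTRUCTED to mirror the report; ppid 1000 is assumed)
IMAGE = r"C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe"
EVENTS = [
    {"event": "process_create", "pid": 2372, "ppid": 1000, "image": IMAGE},
    {"event": "rename_self", "pid": 2372},
    {"event": "process_create", "pid": 3416, "ppid": 2372, "image": IMAGE},
    {"event": "write_process_memory", "pid": 2372, "target_pid": 3416},
    {"event": "write_process_memory", "pid": 2372, "target_pid": 3416},
    {"event": "write_process_memory", "pid": 2372, "target_pid": 3416},
    {"event": "unmap_main_image", "pid": 2372},
    {"event": "unmap_main_image", "pid": 3416},
    {"event": "delete_self", "pid": 3416},
]

def find_self_reexec_injection(events):
    """Flag a process that launches a child from its own image path, writes into
    the child's memory, and whose child unmaps its main image (the 2372 -> 3416
    chain in the report). Returns [(parent_pid, child_pid, reasons)]."""
    procs, writes, flags = {}, defaultdict(int), defaultdict(set)
    for e in events:
        if e["event"] == "process_create":
            procs[e["pid"]] = e
        elif e["event"] == "write_process_memory":
            writes[(e["pid"], e["target_pid"])] += 1
        else:
            flags[e["pid"]].add(e["event"])
    hits = []
    for pid, p in procs.items():
        parent = procs.get(p["ppid"])
        if parent is None or parent["image"].lower() != p["image"].lower():
            continue  # not a same-image re-execution
        n = writes.get((parent["pid"], pid), 0)
        if n == 0 or "unmap_main_image" not in flags[pid]:
            continue  # plain re-launch with no injection evidence
        reasons = [f"parent {parent['pid']} wrote to child memory {n}x",
                   "child unmapped its main image"]
        if "rename_self" in flags[parent["pid"]]:
            reasons.append("parent renamed itself")
        if "delete_self" in flags[pid]:
            reasons.append("child deleted itself")
        hits.append((parent["pid"], pid, reasons))
    return hits

if __name__ == "__main__":
    print(regions_by_rule(YARA_HITS))
    for parent, child, why in find_self_reexec_injection(EVENTS):
        print(f"{parent} -> {child}: " + "; ".join(why))
```

Run stand-alone it reports the single 0x400000-0x4F1000 region shared by PIDs 2372 and 3416 and one flagged pair, 2372 -> 3416, with all four reasons. The same-image check alone is not a verdict: installers and updaters re-launch themselves routinely, which is why the rule also requires a parent-to-child memory write and an unmapped main image in the child before it fires.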
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1010KB
MD5: ce7c55782e5fbf86e8d97198e006b199
SHA1: f33e7a9af57513eeb9d31f02581c8afc46f28b13
SHA256: 19c0fa5c0d1fa6fb976a422fd6221685b279a06480c4eb04678b88a6138e2602
SHA512: bf3aecb58ac8c3362ae754bb55e8e06551e540110ba072d886551478cae3ca9933c1f3259216536320656bbe360c053247e699de9f88330e98e92d37b1563b1c

Note: this file is the same size as the submitted sample (1010KB) but every hash differs from the General section above, so the dropped copy is not byte-identical to the original.