Analysis
- max time kernel: 144s
- max time network: 62s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/12/2023, 23:08
Static task
- static1
Behavioral task
- behavioral1
  Sample: fee2e78301fbf5e0edd354c1794f9e7b.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: fee2e78301fbf5e0edd354c1794f9e7b.exe
  Resource: win10v2004-20231215-en
General
- Target: fee2e78301fbf5e0edd354c1794f9e7b.exe
- Size: 82KB
- MD5: fee2e78301fbf5e0edd354c1794f9e7b
- SHA1: 3588721d6dfb505f4c279a778780220ebb574097
- SHA256: c33aff373647e29453f029b81a78337aa51cf0ce898b8fc392a28484a296c6cc
- SHA512: bb98ff7664e7362ef00f253eaabed78d68c316dd2c1e85ecd6c6f0d3c9b33a518bacb84dc122a046da477d0af2361f6081f4bb3b358f962f851d2dc01a8c75c0
- SSDEEP: 1536:21G5gM3INkqfZvUxPJLcO3aCLzYdaNayfvHyRQqjm794J2Tfjcz:UIgCdCZvUjLcOKyecp4Wfji
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 4904, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe
- Executes dropped EXE (1 IoCs)
  pid: 4904, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 4384, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 4384, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe
  pid: 4904, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4384 wrote to memory of 4904, pid: 4384, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe, procid_target: 88
  description: PID 4384 wrote to memory of 4904, pid: 4384, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe, procid_target: 88
  description: PID 4384 wrote to memory of 4904, pid: 4384, Process: fee2e78301fbf5e0edd354c1794f9e7b.exe, procid_target: 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\fee2e78301fbf5e0edd354c1794f9e7b.exe
   "C:\Users\Admin\AppData\Local\Temp\fee2e78301fbf5e0edd354c1794f9e7b.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 4384
2. C:\Users\Admin\AppData\Local\Temp\fee2e78301fbf5e0edd354c1794f9e7b.exe
   C:\Users\Admin\AppData\Local\Temp\fee2e78301fbf5e0edd354c1794f9e7b.exe
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
   PID: 4904
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: da7ee83d7a3eb78d591a46a36cb11a5a
- SHA1: e4bec37c6a68e242e42a27a70ee9d6754403c8e6
- SHA256: dce6def7c886df1e9810adfc8dcf82b7b8f932bc35f6294cb9ed1ea82fd9a88e
- SHA512: efc4a41d3d9731640f5f04617a7492fcfc200a0f80e98433d8762faf11595992ba206a318361530ebb69506c35b8c3e7e70829d7103e5ba5335f2134292c224e