Analysis
max time kernel: 141s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 21:57
Behavioral task behavioral1
Sample: 04fc9cfa373501815f82918aa522bce1.exe
Resource: win7-20231129-en
Behavioral task behavioral2
Sample: 04fc9cfa373501815f82918aa522bce1.exe
Resource: win10v2004-20231215-en
General
Target: 04fc9cfa373501815f82918aa522bce1.exe
Size: 2.9MB
MD5: 04fc9cfa373501815f82918aa522bce1
SHA1: 7b534e8d0ebe8c38ad477ad1f8a54c9f3507821f
SHA256: 1a2a6043f55d1d1f9cfccd22794705249b77cb7b158e20d7217e052179bd9bc7
SHA512: 9556f41968a6e46b8697a8a2250c513614275f1fa725852ce024ff0e3bb4f7ab575ce2d9e9c1c811b687bd3ec1dab112891cf8b6e0dcb3b813da77501f2432af
SSDEEP: 49152:I0fSffZVSSXIVFmzx3wp9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:MffZVP4nXpHau42c1joCjMPkNwk6
Malware Config
Signatures
Deletes itself (1 IoC)
pid | Process
3960 | 04fc9cfa373501815f82918aa522bce1.exe
Executes dropped EXE (1 IoC)
pid | Process
3960 | 04fc9cfa373501815f82918aa522bce1.exe
resource | yara_rule
behavioral2/memory/3496-0-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
behavioral2/memory/3960-13-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
behavioral2/files/0x000d000000023151-11.dat | upx
Suspicious behavior: RenamesItself (1 IoC)
pid | Process
3496 | 04fc9cfa373501815f82918aa522bce1.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
3496 | 04fc9cfa373501815f82918aa522bce1.exe
3960 | 04fc9cfa373501815f82918aa522bce1.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3496 wrote to memory of 3960 | 3496 | 04fc9cfa373501815f82918aa522bce1.exe | 90
PID 3496 wrote to memory of 3960 | 3496 | 04fc9cfa373501815f82918aa522bce1.exe | 90
PID 3496 wrote to memory of 3960 | 3496 | 04fc9cfa373501815f82918aa522bce1.exe | 90
Processes
Depth 1: C:\Users\Admin\AppData\Local\Temp\04fc9cfa373501815f82918aa522bce1.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\04fc9cfa373501815f82918aa522bce1.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID: 3496
Depth 2 (child of PID 3496): C:\Users\Admin\AppData\Local\Temp\04fc9cfa373501815f82918aa522bce1.exe
Command line: C:\Users\Admin\AppData\Local\Temp\04fc9cfa373501815f82918aa522bce1.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID: 3960
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: 37b2cf80b1e00be227f0039f75eebd21
SHA1: 3fc25941c52b7cd4a137cb0d64563f2bc4973db9
SHA256: ffd33d0098b634ff3a9d1594a46d1404d086b9bda8cb8e5f2e86e048fe903292
SHA512: d289d1e6d6c6f8efbaf4ceaf24a5f5e68f4249cf40eef45190218b4e3527096f8086589328983e81c36ddecb83d9698beef9314f3383a887525dbdb4dc642fe3