Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 23:14
Behavioral task: behavioral1
Sample: 06a0c1588216dad4af9029b248bfdfdd.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 06a0c1588216dad4af9029b248bfdfdd.exe
Resource: win10v2004-20231215-en
General
Target: 06a0c1588216dad4af9029b248bfdfdd.exe
Size: 5.8MB
MD5: 06a0c1588216dad4af9029b248bfdfdd
SHA1: 4fde696086552d58678aa9a3d1a13aed6ccb2883
SHA256: 53d7348ec63c986a243e8d518ee4c5568450448ebc6bfd4b30dc67110388f04f
SHA512: 6403eafa12e1e7f74588de80bfb46bb59618a7dd8bc4b27d6a2aa619035aaa5dd250b0676581d75132ec5a32aec1b49bf6ae626783bd7a4ec1b4952541be4831
SSDEEP: 98304:IMcB1Ryg//FKLnDD32Lw3u4rkP5QfAKUJRIgtlSDD32Lw3u4rk:IMcBfyc6Cw3nCWAKKmCw3n
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 4308, process 06a0c1588216dad4af9029b248bfdfdd.exe
Executes dropped EXE (1 IoC)
  pid 4308, process 06a0c1588216dad4af9029b248bfdfdd.exe
yara_rule upx matched on resources:
  behavioral2/memory/3232-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral2/files/0x000400000001e716-11.dat
  behavioral2/memory/4308-13-0x0000000000400000-0x00000000008EF000-memory.dmp
Suspicious behavior: RenamesItself (1 IoC)
  pid 3232, process 06a0c1588216dad4af9029b248bfdfdd.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3232, process 06a0c1588216dad4af9029b248bfdfdd.exe
  pid 4308, process 06a0c1588216dad4af9029b248bfdfdd.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3232 wrote to memory of 4308; process 06a0c1588216dad4af9029b248bfdfdd.exe; procid_target 92
  PID 3232 wrote to memory of 4308; process 06a0c1588216dad4af9029b248bfdfdd.exe; procid_target 92
  PID 3232 wrote to memory of 4308; process 06a0c1588216dad4af9029b248bfdfdd.exe; procid_target 92
Processes
1. C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe"
   PID: 3232
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe (child of PID 3232)
      Command line: C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe
      PID: 4308
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 398KB
MD5: c8826d097949c4ee104611d194c93da2
SHA1: 1443d73cf1076a744fec4ca539441638d083f9a4
SHA256: d8018f7e95e5da375569fef2408231edebb6019257c1cc994281832b6cd65932
SHA512: 92e6c27797506c6cbc82763f15e0462f67b2330a8b8de536e3cef1a613f1e59999f49c7b5747c57a4eb10406b7d4488001b99a0e2a128d623638347e3f9a3b72