Analysis

max time kernel: 176s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 23:50
Behavioral task: behavioral1
Sample: 078dc605c5eb5df44d1105f51060ea9f.exe
Resource: win7-20231215-en
General

Target: 078dc605c5eb5df44d1105f51060ea9f.exe
Size: 784KB
MD5: 078dc605c5eb5df44d1105f51060ea9f
SHA1: cd48719056ae6f8411c430c8e4e8bb2e799816ac
SHA256: 2a8b40dff64b2ed6efb5904e87f5f1e94809bcae2d2d158e3b0ef8e705fa0d98
SHA512: 8f6501d250ff454416f696a8d3d12a53cee406359bf5fdf29828d4ce95c8d9e188337ffb1b819e055a4c4cf316986936ab0273bc50014caeb86269631ce99a86
SSDEEP: 12288:dZG81VmxrBQjSC4fu+I/SwJKEPT4WvZhCBY5rc541VDG7VLljmn+PYwt957H0D:y81VmlBQ2bmhSwf4WmSuS1A7DNhU
Malware Config
Signatures

XMRig Miner payload (7 IoCs)
resource | yara_rule
behavioral2/memory/3868-2-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
behavioral2/memory/3868-12-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
behavioral2/memory/448-15-0x0000000000400000-0x0000000000593000-memory.dmp | xmrig
behavioral2/memory/448-21-0x0000000000400000-0x0000000000587000-memory.dmp | xmrig
behavioral2/memory/448-20-0x00000000053B0000-0x0000000005543000-memory.dmp | xmrig
behavioral2/memory/448-30-0x00000000005A0000-0x000000000071F000-memory.dmp | xmrig
behavioral2/memory/448-31-0x0000000000400000-0x0000000000587000-memory.dmp | xmrig

Deletes itself (1 IoCs)
pid | Process
448 | 078dc605c5eb5df44d1105f51060ea9f.exe

Executes dropped EXE (1 IoCs)
pid | Process
448 | 078dc605c5eb5df44d1105f51060ea9f.exe

resource | yara_rule
behavioral2/memory/3868-0-0x0000000000400000-0x0000000000712000-memory.dmp | upx
behavioral2/files/0x00070000000231e1-11.dat | upx
behavioral2/memory/448-13-0x0000000000400000-0x0000000000712000-memory.dmp | upx

Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
3868 | 078dc605c5eb5df44d1105f51060ea9f.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
3868 | 078dc605c5eb5df44d1105f51060ea9f.exe
448 | 078dc605c5eb5df44d1105f51060ea9f.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3868 wrote to memory of 448 | 3868 | 078dc605c5eb5df44d1105f51060ea9f.exe | 91
PID 3868 wrote to memory of 448 | 3868 | 078dc605c5eb5df44d1105f51060ea9f.exe | 91
PID 3868 wrote to memory of 448 | 3868 | 078dc605c5eb5df44d1105f51060ea9f.exe | 91
Processes

1. C:\Users\Admin\AppData\Local\Temp\078dc605c5eb5df44d1105f51060ea9f.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\078dc605c5eb5df44d1105f51060ea9f.exe"
   PID: 3868
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\078dc605c5eb5df44d1105f51060ea9f.exe
      command line: C:\Users\Admin\AppData\Local\Temp\078dc605c5eb5df44d1105f51060ea9f.exe
      PID: 448
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 104KB
MD5: 48ca3f8fef14a1723f6c437a0c2093e1
SHA1: d446f48dd047c6d01cfebad288052df02d6205d1
SHA256: 3d952211020c1fa0303309020a5843510f7f8e3a3e6a89a43953bb12aadf939b
SHA512: 4c746ad7cf1edf34bfbb7393d0faea3c6e1c6eb9977f01bd3fd6db6d4ec58f20d6003cad35b84e6748017e8f0f70c786a29af5be313ea2f99f8a330247e7b764