Analysis
-
max time kernel
145s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
29/12/2023, 18:27
Static task
static1
Behavioral task
behavioral1
Sample
007037a8c51f463b92e1c802d23196be.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
007037a8c51f463b92e1c802d23196be.exe
Resource
win10v2004-20231215-en
General
-
Target
007037a8c51f463b92e1c802d23196be.exe
-
Size
82KB
-
MD5
007037a8c51f463b92e1c802d23196be
-
SHA1
095766e06f5b70b18b38d23cdf38c51e16a06bb8
-
SHA256
af2776260fb74d9d4723d1e127902b17dd07e8c359cc3cd4abb6383598c39ccd
-
SHA512
1ce5515ffec6512076e1ff1c657d48e8325a8ea3e6cf1325a928c22273840f1bcd55eca90ddaf063237c34a478306cae3dd96a14227d16c93527169b7df0e866
-
SSDEEP
1536:m72T0DE30GCXx7Fxs0rK4E9pe0s9ducdoajXxwQzsGTT5gdUO:1T0Z7BFxs0O4WiZjDIGhgdr
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1016 007037a8c51f463b92e1c802d23196be.exe -
Executes dropped EXE 1 IoCs
pid Process 1016 007037a8c51f463b92e1c802d23196be.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2204 007037a8c51f463b92e1c802d23196be.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2204 007037a8c51f463b92e1c802d23196be.exe 1016 007037a8c51f463b92e1c802d23196be.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description    pid    Process    procid_target
PID 2204 wrote to memory of 1016    2204    007037a8c51f463b92e1c802d23196be.exe    89
PID 2204 wrote to memory of 1016    2204    007037a8c51f463b92e1c802d23196be.exe    89
PID 2204 wrote to memory of 1016    2204    007037a8c51f463b92e1c802d23196be.exe    89
Processes
-
C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe "C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1016
-
Downloads
-
Filesize
82KB
MD5 17b9901b33f61997a09702ec7deed382
SHA1 8985b02a9b07fb264074c5a83ed1bd82333c6819
SHA256 ea2efd56f8183c5ec5adcd02a659b098274a1f02f31063aacea5de1e75fb09c8
SHA512 f74c4c65d8b6108915278b84b417cc7f512dbc61f5f7cae271bf5502d3e57f0fb2d7246e846fc3b42aba93180d108624c3209b652aa7fa77ead2bc829680ef4a