Analysis
- max time kernel: 144s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/12/2023, 19:12
Static task: static1
Behavioral task: behavioral1
- Sample: 015ff421a7e5fb7484db6b2e48251f7a.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 015ff421a7e5fb7484db6b2e48251f7a.exe
- Resource: win10v2004-20231215-en
General
- Target: 015ff421a7e5fb7484db6b2e48251f7a.exe
- Size: 385KB
- MD5: 015ff421a7e5fb7484db6b2e48251f7a
- SHA1: b157e1e2ef98ff9d9f7303b283c7e3ed58f94c9f
- SHA256: 74cc9df6f04476e7bfeca39780390dadb6b1122b2f5bc581d502dda7f62f058b
- SHA512: a6453606f6ed664f7fc5d914f4d2175042e1e3e235b2e8c25ea83078174ca0ad3a63127f1f0703b9ffebe9f9bbb16ea9d0f3334d611dc1994ce102fe5e374812
- SSDEEP: 6144:Kw8fmuI/gUOv/1HswvILwFrqjx8K3SAYNc0mF+qXH0sxuvCT8GX+B:efm5gUSdHTILwFrkmK3QcFXvx8c+B
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 448, Process 015ff421a7e5fb7484db6b2e48251f7a.exe
- Executes dropped EXE (1 IoCs)
  pid 448, Process 015ff421a7e5fb7484db6b2e48251f7a.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 212, Process 015ff421a7e5fb7484db6b2e48251f7a.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 212, Process 015ff421a7e5fb7484db6b2e48251f7a.exe
  pid 448, Process 015ff421a7e5fb7484db6b2e48251f7a.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 212 wrote to memory of 448; pid 212; Process 015ff421a7e5fb7484db6b2e48251f7a.exe; procid_target 88
  description: PID 212 wrote to memory of 448; pid 212; Process 015ff421a7e5fb7484db6b2e48251f7a.exe; procid_target 88
  description: PID 212 wrote to memory of 448; pid 212; Process 015ff421a7e5fb7484db6b2e48251f7a.exe; procid_target 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\015ff421a7e5fb7484db6b2e48251f7a.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\015ff421a7e5fb7484db6b2e48251f7a.exe"
   PID: 212
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\015ff421a7e5fb7484db6b2e48251f7a.exe (child of PID 212)
   Command line: C:\Users\Admin\AppData\Local\Temp\015ff421a7e5fb7484db6b2e48251f7a.exe
   PID: 448
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 385KB
- MD5: d4891c2e6739d5989961bed707f2d50d
- SHA1: 00647be8c337da521b745dfda8944ab481f14259
- SHA256: d3aa117832d98fe752f7cf13878a9cc646e7f18ad4033cc6fc4a7bb6d2181c0d
- SHA512: 2d9a2faec22d324dc64fc7eb354e457676a369c5f4b7d67c191f06bcbc11cd4566e1cdae2cc0fb3bbd9fa45cd1c5bdec8d8523e1769b24ca729dcfc2dd183714