Analysis
max time kernel: 138s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 20:01
Behavioral task behavioral1
Sample: 027cc29a378169652257d69e7254c5f2.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 027cc29a378169652257d69e7254c5f2.exe
Resource: win10v2004-20231215-en
General
Target: 027cc29a378169652257d69e7254c5f2.exe
Size: 2.9MB
MD5: 027cc29a378169652257d69e7254c5f2
SHA1: e9939e3b4462bef4a1a56b2d06dbedab80223ced
SHA256: e68141124685d932e5b77bb3b0740ca414689243b533e5ffe8dae31165da4cde
SHA512: bde92b09fba874548a33b97e660d6d862bd404b503965b74555bda886911d348f6b58952b76fc4711a69ca7780d8f43f0464d00472fd70ec4be6d2e7a1b7de30
SSDEEP: 49152:dOFj3o9byZnteaU3GyNHZyJ8yct0QbN74NH5HUyNRcUsCVOzetdZJ:dG3o0tHUtN5y2tL4HBUCczzM3
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1472, process 027cc29a378169652257d69e7254c5f2.exe
- Executes dropped EXE (1 IoC)
  pid 1472, process 027cc29a378169652257d69e7254c5f2.exe
- YARA rule matches (resource, yara_rule)
  behavioral2/memory/3952-0-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
  behavioral2/files/0x000a0000000231e9-12.dat, upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 3952, process 027cc29a378169652257d69e7254c5f2.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3952, process 027cc29a378169652257d69e7254c5f2.exe
  pid 1472, process 027cc29a378169652257d69e7254c5f2.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3952 wrote to memory of 1472; pid 3952; process 027cc29a378169652257d69e7254c5f2.exe; procid_target 19
  description: PID 3952 wrote to memory of 1472; pid 3952; process 027cc29a378169652257d69e7254c5f2.exe; procid_target 19
  description: PID 3952 wrote to memory of 1472; pid 3952; process 027cc29a378169652257d69e7254c5f2.exe; procid_target 19
Processes
1. C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe"
   PID: 3952
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe (child of PID 3952)
      Command line: C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
      PID: 1472
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 84KB
  MD5: bb8ab90f25c3ccbd8f67d7346fb4906d
  SHA1: b4e2d17309b9b4962d2685ae21a805a48d9194fc
  SHA256: 586b5622d373eaf9e38627834535427765b3026599ca8799f1aee53f7b496003
  SHA512: d369810106986caf6e1db15d996e79013ecf5670fa8c9ae7471bf9eebb3471cfe8028476fe1483930706bae87bfce8bd24eb5ecd07bfbb49fcd2cec23059a0d9