Analysis
max time kernel: 166s
max time network: 192s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 30/12/2023, 23:16
Behavioral tasks
behavioral1: sample 1fb47bccf43b6bf050159bebc32257a6.exe, resource win7-20231215-en
behavioral2: sample 1fb47bccf43b6bf050159bebc32257a6.exe, resource win10v2004-20231215-en
General
Target: 1fb47bccf43b6bf050159bebc32257a6.exe
Size: 10.6MB
MD5: 1fb47bccf43b6bf050159bebc32257a6
SHA1: 00168250b5241cb05b3a4f35355da4e9a891f4bc
SHA256: eaa47b7774677b023ae0a53afd136fb9e3b39d60d68649db0d59f8e599d613c9
SHA512: 690f5e640919aafd9731f733fb49141255992ccdd29259f66c3c8105afbb0d3c46eb0b080d2ae173cf038b271683d9b21be78be1b322e0c6e9c2cee8160e4e1c
SSDEEP: 196608:lBC1Wk2qGtyB/rnCeKaRz+wnXGtyB/rnC1tzBxbnBGtyB/rnCeKaRz+wnXGtyB/Y:HOWaGtyB/r3TRnGtyB/rwtzXBGtyB/rS
Malware Config
Signatures

Deletes itself (1 IoC)
pid   Process
316   1fb47bccf43b6bf050159bebc32257a6.exe

Executes dropped EXE (1 IoC)
pid   Process
316   1fb47bccf43b6bf050159bebc32257a6.exe

YARA rule matches: upx (UPX packer) (3 IoCs)
resource                                                                      yara_rule
behavioral2/memory/5008-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
behavioral2/memory/316-13-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
behavioral2/files/0x0006000000023228-11.dat                                   upx

Suspicious behavior: RenamesItself (1 IoC)
pid    Process
5008   1fb47bccf43b6bf050159bebc32257a6.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid    Process
5008   1fb47bccf43b6bf050159bebc32257a6.exe
316    1fb47bccf43b6bf050159bebc32257a6.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process                                 procid_target
PID 5008 wrote to memory of 316    5008   1fb47bccf43b6bf050159bebc32257a6.exe    93
PID 5008 wrote to memory of 316    5008   1fb47bccf43b6bf050159bebc32257a6.exe    93
PID 5008 wrote to memory of 316    5008   1fb47bccf43b6bf050159bebc32257a6.exe    93
Processes

1. C:\Users\Admin\AppData\Local\Temp\1fb47bccf43b6bf050159bebc32257a6.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\1fb47bccf43b6bf050159bebc32257a6.exe"
   PID: 5008
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\1fb47bccf43b6bf050159bebc32257a6.exe
      command line: C:\Users\Admin\AppData\Local\Temp\1fb47bccf43b6bf050159bebc32257a6.exe
      PID: 316
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
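The signatures above describe one chain: the sample (PID 5008) renames itself, relaunches the same image as a child (PID 316), writes into that child three times, and both processes unmap their main image, after which the child deletes its own executable. The following Python is an added example, not part of the tria.ge report: it re-encodes those events as tuples (transcribed from the report; the tuple layout is this example's own) and applies a correlation heuristic, also this example's own, that flags a parent/child pair when the same image is relaunched, the parent writes into the child, and the child unmaps its main image. The extra RenamesItself and DeletesItself signals are reported as supporting reasons.

```python
"""Correlate sandbox behaviour events into per-process records and flag the
parent-writes-into-identical-child chain seen in this report.

Added example, not tria.ge code. EVENTS is transcribed from the report's
Signatures and Processes sections; the event layout and the heuristic in
find_self_reinjection() are the example's own assumptions."""
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\1fb47bccf43b6bf050159bebc32257a6.exe"


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int] = None
    signatures: set = field(default_factory=set)
    wrote_to: dict = field(default_factory=dict)  # target pid -> number of writes


# Constructed from the report. Shapes:
#   ("process", pid, parent_pid_or_None, image_path)
#   ("signature", pid, signature_name)
#   ("write_memory", source_pid, target_pid)
# A process must be declared before events refer to its pid.
EVENTS = [
    ("process", 5008, None, SAMPLE),
    ("signature", 5008, "RenamesItself"),
    ("signature", 5008, "UnmapMainImage"),
    ("process", 316, 5008, SAMPLE),
    ("write_memory", 5008, 316),
    ("write_memory", 5008, 316),
    ("write_memory", 5008, 316),
    ("signature", 316, "ExecutesDroppedEXE"),
    ("signature", 316, "UnmapMainImage"),
    ("signature", 316, "DeletesItself"),
]


def build_procs(events):
    """Fold the flat event list into a pid -> Proc map."""
    procs = {}
    for ev in events:
        kind = ev[0]
        if kind == "process":
            _, pid, parent, image = ev
            procs[pid] = Proc(pid, image, parent)
        elif kind == "signature":
            _, pid, name = ev
            procs[pid].signatures.add(name)
        elif kind == "write_memory":
            _, src, dst = ev
            procs[src].wrote_to[dst] = procs[src].wrote_to.get(dst, 0) + 1
        else:
            raise ValueError(f"unknown event kind {kind!r}")
    return procs


def find_self_reinjection(procs):
    """Return [(parent_pid, child_pid, reasons)] for each parent/child pair where
    the same image was relaunched, the parent wrote into the child, and the
    child unmapped its own main image (the minimum for a hollowing-style
    hand-off). Supporting signals from the report are appended as reasons."""
    findings = []
    for child in procs.values():
        parent = procs.get(child.parent)
        if parent is None:
            continue
        same_image = parent.image.lower() == child.image.lower()
        writes = parent.wrote_to.get(child.pid, 0)
        if not (same_image and writes and "UnmapMainImage" in child.signatures):
            continue
        reasons = [
            f"parent relaunched its own image and made {writes} WriteProcessMemory calls into the child",
            "child unmapped its main image",
        ]
        if "RenamesItself" in parent.signatures:
            reasons.append("parent renamed itself before the hand-off")
        if "DeletesItself" in child.signatures:
            reasons.append("child deleted its own executable (anti-forensics)")
        findings.append((parent.pid, child.pid, reasons))
    return findings


if __name__ == "__main__":
    for ppid, cpid, reasons in find_self_reinjection(build_procs(EVENTS)):
        print(f"{ppid} -> {cpid}")
        for reason in reasons:
            print("  -", reason)
```

The heuristic deliberately requires all three core conditions; a parent that merely spawns a copy of itself, or a child that unmaps its image without any write from the parent, is not flagged. On a live host the same correlation would be fed from process-creation, remote-write and image-unmap telemetry rather than sandbox signatures.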
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 834KB
MD5: d707cb259afbb385a417dbe7333623c9
SHA1: b4436fb641ea2671d19ffa53bf59a54ed488eb9d
SHA256: 6fe7cf8dcc0476a5f7321b576a50a1d3a914c65422f0095e5b1df7ffd61ecea3
SHA512: 4c65f7a4ed943783d36c2d63b6a1752a9800225594923708bdadeed2306366c09e0c06c9af4d95aeb127c129ae390eba6b0c51d5e3ac662ef5f62efa55fd820f