Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
30/12/2023, 23:49
Behavioral task
behavioral1
Sample
2095d9e376e2785ef1d8834deb2c2f53.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2095d9e376e2785ef1d8834deb2c2f53.exe
Resource
win10v2004-20231215-en
General
-
Target
2095d9e376e2785ef1d8834deb2c2f53.exe
-
Size
1.3MB
-
MD5
2095d9e376e2785ef1d8834deb2c2f53
-
SHA1
63ed6f00c75e44da025a37bd962c05c9df6341eb
-
SHA256
adf7a8ce9a3f261d36bcd8a89078368997b4bf0065f9340f0b8938bd28f4fe45
-
SHA512
beefbd5d4d96570c87123b219e7b9f195feb3c81e82b824e94655f1ce897e42260f14f1ba78edb95d03143fee6238f621de785ee6c1dea9b16fcabec53728164
-
SSDEEP
24576:xC4szuXktwpE7c+QKs5Cmuu8vNyn1blE5DXCvG:w4hAKE7c+QKs5Cmmc18z
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 4964 2095d9e376e2785ef1d8834deb2c2f53.exe -
Executes dropped EXE 1 IoCs
pid Process 4964 2095d9e376e2785ef1d8834deb2c2f53.exe -
resource yara_rule behavioral2/memory/724-0-0x0000000000400000-0x000000000086A000-memory.dmp upx behavioral2/files/0x000300000001f45f-13.dat upx behavioral2/memory/4964-15-0x0000000000400000-0x000000000086A000-memory.dmp upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 724 2095d9e376e2785ef1d8834deb2c2f53.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 724 2095d9e376e2785ef1d8834deb2c2f53.exe 4964 2095d9e376e2785ef1d8834deb2c2f53.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 724 wrote to memory of 4964 724 2095d9e376e2785ef1d8834deb2c2f53.exe 88 PID 724 wrote to memory of 4964 724 2095d9e376e2785ef1d8834deb2c2f53.exe 88 PID 724 wrote to memory of 4964 724 2095d9e376e2785ef1d8834deb2c2f53.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe "C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:724 -
C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe C:\Users\Admin\AppData\Local\Temp\2095d9e376e2785ef1d8834deb2c2f53.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:4964
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
381KB
MD5 8c5f5a9232b3fb16e40b50e21192ff0a
SHA1 de93754d588d0d6aea36aeb146c20323f8801ee8
SHA256 56562c4bccbb39f0eb4a6e98078b07822134f74a0a59670bcbdb4564274ab4a0
SHA512 c7696b5eb847addf143c30f929c9857c1e8522c499fc06746a3edf443bd51e5f9c39868e7b210c4310d8d97c2e63e135200644cf1a984692ac2e10e2b20dcec6