Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 204s
- max time network: 221s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 00:51
Behavioral task: behavioral1
- Sample: 09212c7e3fa60b26a0c8f6c9a1010a07.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 09212c7e3fa60b26a0c8f6c9a1010a07.exe
- Resource: win10v2004-20231215-en
General
- Target: 09212c7e3fa60b26a0c8f6c9a1010a07.exe
- Size: 1.5MB
- MD5: 09212c7e3fa60b26a0c8f6c9a1010a07
- SHA1: 1fbc10563e592d131ba3dd4f933f88eb6a19e2e8
- SHA256: af6fecca3a0a157e79e7d57d628579c0ac4b08c680913e1dd74016ea4f90a5c5
- SHA512: cfad1f8726d74584df4bab0a9faeb03373c1cf6f1e15e6bf751b759d7aa050b743e49b358d40e17072b8501339acaf5fc2d879f9efcc3a49313eeb13fa692eeb
- SSDEEP: 24576:TWWAzhE0rExR2V8o+0MnnNTWR/foNHQrDUYfoCwrJxwWJr1vnZrdL4jdAqJV4rBa:TWWQa0oxR22EuTWZfoNH2DjbwH/H0xCL
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid   Process
  4588  09212c7e3fa60b26a0c8f6c9a1010a07.exe
- Executes dropped EXE (1 IoC)
  pid   Process
  4588  09212c7e3fa60b26a0c8f6c9a1010a07.exe
- YARA rule matches
  resource                                                                  yara_rule
  behavioral2/memory/1124-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/files/0x00080000000231d6-11.dat                                 upx
  behavioral2/memory/4588-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  1124  09212c7e3fa60b26a0c8f6c9a1010a07.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1124  09212c7e3fa60b26a0c8f6c9a1010a07.exe
  4588  09212c7e3fa60b26a0c8f6c9a1010a07.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 1124 wrote to memory of 4588  1124  09212c7e3fa60b26a0c8f6c9a1010a07.exe  92
  PID 1124 wrote to memory of 4588  1124  09212c7e3fa60b26a0c8f6c9a1010a07.exe  92
  PID 1124 wrote to memory of 4588  1124  09212c7e3fa60b26a0c8f6c9a1010a07.exe  92
Processes
- C:\Users\Admin\AppData\Local\Temp\09212c7e3fa60b26a0c8f6c9a1010a07.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\09212c7e3fa60b26a0c8f6c9a1010a07.exe"
  PID: 1124
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\09212c7e3fa60b26a0c8f6c9a1010a07.exe (depth 2, spawned under PID 1124)
    Command line: C:\Users\Admin\AppData\Local\Temp\09212c7e3fa60b26a0c8f6c9a1010a07.exe
    PID: 4588
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.5MB
- MD5: 384bd6d8eb309743988c79bf9b7a507a
- SHA1: 5c7581408feb73cd681e1fc4ceba87a97cdbec4f
- SHA256: ddb9c07dc721fb67192ce3c660ef9f760e7834ad8a13156ad53832e5067d5626
- SHA512: 2d025999234192eb6a310e508658cf5a9955301e6da2bcc7e6bea7b4f6a4ce82437d81b9d3073de2f87ea32d76973d3840156000816b12ba0e5fd096858db1db