Analysis
max time kernel: 159s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 00:29
Behavioral task: behavioral1
Sample: 0897fc15dab686aefb5ad0ef2a153aa8.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 0897fc15dab686aefb5ad0ef2a153aa8.exe
Resource: win10v2004-20231215-en
General
Target: 0897fc15dab686aefb5ad0ef2a153aa8.exe
Size: 2.4MB
MD5: 0897fc15dab686aefb5ad0ef2a153aa8
SHA1: 2ac7d1e589bd2d9d7970ebe004119bbadf88b4b4
SHA256: 3bf8f114cae4af01e2eb3a0f0ee13ebf678fdc039a7f92053f612cd1723b5269
SHA512: d17a8a93da1dc1734d51f256661d7e452cfb50b5b2f573dd0f6da312d34223c8463fae8f3d91657f7d914335352b9d26a9a8075ad1773136539c408f0ffe7b29
SSDEEP: 49152:w5mmc0Ng/j2tFwKZrae+jnYyrtxr1hTWZ29P4M338dB2IBlGuuDVUsdxxjr:WmmvNsatFWev0P1Iogg3gnl/IVUs1jr
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  1400  0897fc15dab686aefb5ad0ef2a153aa8.exe
Executes dropped EXE (1 IoC)
  pid   Process
  1400  0897fc15dab686aefb5ad0ef2a153aa8.exe
YARA rule matches
  resource                                                                    yara_rule
  behavioral2/memory/3368-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x000200000001e7e4-12.dat                                 upx
  behavioral2/memory/1400-14-0x0000000000400000-0x00000000008EF000-memory.dmp upx
Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  3368  0897fc15dab686aefb5ad0ef2a153aa8.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  3368  0897fc15dab686aefb5ad0ef2a153aa8.exe
  1400  0897fc15dab686aefb5ad0ef2a153aa8.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 3368 wrote to memory of 1400  3368  0897fc15dab686aefb5ad0ef2a153aa8.exe  94
  PID 3368 wrote to memory of 1400  3368  0897fc15dab686aefb5ad0ef2a153aa8.exe  94
  PID 3368 wrote to memory of 1400  3368  0897fc15dab686aefb5ad0ef2a153aa8.exe  94
Processes
C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe"
  PID: 3368
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  child process:
  C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
    command line: C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
    PID: 1400
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.4MB
MD5: f865af369e125176279ecc579cfded01
SHA1: 7a2627be4daaa14ef33c52852558b42b59ac0766
SHA256: 17bffc47933c633c825a9432a58a52f94e9764719b75964cce860e396b3e809f
SHA512: 68f3d872a6fc3919357deb9c5c861a725584604cdd04ea41369f4e2707bda1b80bf524e66671fd6b053d7fbf7775a74e43100af495ce3742c9b3970744d53c95