Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 166s
max time network: 175s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 03:14
Behavioral task: behavioral1
Sample: 0ca7f8fd50329fff0069a342870732c6.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 0ca7f8fd50329fff0069a342870732c6.exe
Resource: win10v2004-20231215-en
General
Target: 0ca7f8fd50329fff0069a342870732c6.exe
Size: 1.3MB
MD5: 0ca7f8fd50329fff0069a342870732c6
SHA1: ea080e53d15c6f7e3792de6e403e2398cac665ce
SHA256: 33504da9488d7d1951a20cdf7b8a596fdf7c94ce30b673effb8d31657dc641cf
SHA512: a3486e44d7b8839e9aed8a7059c6c7efe872fe06203b9f218a6cea005f5fef56927bf510ce362b6a5d32714902bcad325caedf60dbddbb6133cfae8289cfc1d8
SSDEEP: 24576:lOWyOdb6LTGa+JF1aVNKKam7ChonQ38Kv/X//0IvZauVOkPnAnwU9/9Us:lODPGJF1autT/XHDvZ5VOGn4/R9j
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid 2468, Process 0ca7f8fd50329fff0069a342870732c6.exe

Executes dropped EXE (1 IoCs)
  pid 2468, Process 0ca7f8fd50329fff0069a342870732c6.exe

YARA matches (resource, yara_rule)
  behavioral2/memory/4032-0-0x0000000000400000-0x00000000008E7000-memory.dmp, upx
  behavioral2/files/0x000200000001e7df-12.dat, upx
  behavioral2/memory/2468-14-0x0000000000400000-0x00000000008E7000-memory.dmp, upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid 4032, Process 0ca7f8fd50329fff0069a342870732c6.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 4032, Process 0ca7f8fd50329fff0069a342870732c6.exe
  pid 2468, Process 0ca7f8fd50329fff0069a342870732c6.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4032 wrote to memory of 2468; pid 4032; Process 0ca7f8fd50329fff0069a342870732c6.exe; procid_target 95
  description: PID 4032 wrote to memory of 2468; pid 4032; Process 0ca7f8fd50329fff0069a342870732c6.exe; procid_target 95
  description: PID 4032 wrote to memory of 2468; pid 4032; Process 0ca7f8fd50329fff0069a342870732c6.exe; procid_target 95
Processes

1. C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe"
   PID: 4032
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe (child of PID 4032)
      Command line: C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe
      PID: 2468
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: c192d2ea5c510a1ab46bf47791f1267e
SHA1: 3f6ba00de02b80bc1b29f3e214e5640b13c92460
SHA256: d9a4cf4525db41cad9705abb7e7fcc6e271fadbd38c5aa638223ae11265893ba
SHA512: 72b449d488aa60d3c2b18e74b1435d424ffa6782206211eabcd6004f9a196e656fb3ea5c7982a4793e0463d8b8fe9b21ab8b9eb4a9500a64be333dff0aaf4df0