Analysis
- max time kernel: 201s
- max time network: 215s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 04:50
Behavioral task behavioral1
- Sample: 0f0ff38cb163632603dd1e15514a5610.exe
- Resource: win7-20231129-en
Behavioral task behavioral2
- Sample: 0f0ff38cb163632603dd1e15514a5610.exe
- Resource: win10v2004-20231215-en
General
- Target: 0f0ff38cb163632603dd1e15514a5610.exe
- Size: 1.5MB
- MD5: 0f0ff38cb163632603dd1e15514a5610
- SHA1: 23652411a11f366f62f1cb229b7b05ee9383c724
- SHA256: 0a62db95264abf035e276a3cf3cf30969456543c39caf43367bb79c8045f45fa
- SHA512: f589a772683683e948bf29f88262ca4f33ca8379eca5b647ee2171582c81d8504475ba2fe92ad14356fc0b16397cc44a5b3e7e2d5293c36d767275cdf236e39c
- SSDEEP: 24576:eNnxuTG7ei8wOlna3Jt3zV0vErfc+j/C8+K7l5/TbRYhE7W:+xuTGyqO8zSvifcIDv55H
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid | Process
  4044 | 0f0ff38cb163632603dd1e15514a5610.exe
- Executes dropped EXE (1 IoC)
  pid | Process
  4044 | 0f0ff38cb163632603dd1e15514a5610.exe
- YARA rule upx matched (signature title not captured on this page; 3 resources matched)
  resource | yara_rule
  behavioral2/memory/2108-0-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  behavioral2/files/0x000700000002321a-11.dat | upx
  behavioral2/memory/4044-13-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid | Process
  2108 | 0f0ff38cb163632603dd1e15514a5610.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  2108 | 0f0ff38cb163632603dd1e15514a5610.exe
  4044 | 0f0ff38cb163632603dd1e15514a5610.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2108 wrote to memory of 4044 | 2108 | 0f0ff38cb163632603dd1e15514a5610.exe | 91
  PID 2108 wrote to memory of 4044 | 2108 | 0f0ff38cb163632603dd1e15514a5610.exe | 91
  PID 2108 wrote to memory of 4044 | 2108 | 0f0ff38cb163632603dd1e15514a5610.exe | 91
Processes
- C:\Users\Admin\AppData\Local\Temp\0f0ff38cb163632603dd1e15514a5610.exe (PID 2108, level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\0f0ff38cb163632603dd1e15514a5610.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\0f0ff38cb163632603dd1e15514a5610.exe (PID 4044, level 2, child of 2108)
    Command line: C:\Users\Admin\AppData\Local\Temp\0f0ff38cb163632603dd1e15514a5610.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
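The rows above record one pattern worth encoding as a check rather than reading by eye: the sample (PID 2108) starts a second copy of its own image (PID 4044), writes into that child's memory three times, and the child unmaps its main image, then deletes the original and executes a dropped EXE. The following Python is an added example, not part of the tria.ge report or its tooling: it rebuilds the process tree and the WriteProcessMemory rows as data (values transcribed from this report) and flags a writer/target pair as self-injection only when all three conditions hold (target is the writer's child, same image, target unmapped its main image). The Proc dataclass, field names and function names are this example's own assumptions.

```python
"""Added example (not part of the tria.ge report): rebuild the report's process
tree and WriteProcessMemory rows as data and flag the self-injection pattern
they record. PID, image and behaviour values are transcribed from the report;
the Proc dataclass, field names and function names are this example's own."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Proc:
    pid: int
    image: str                                    # executable file name
    parent: Optional[int] = None                  # parent pid from the tree
    behaviours: Set[str] = field(default_factory=set)  # signatures hit by this pid


# Process tree and per-process signatures, as listed under "Processes".
PROCS: Dict[int, Proc] = {
    2108: Proc(2108, "0f0ff38cb163632603dd1e15514a5610.exe", None,
               {"RenamesItself", "UnmapMainImage", "WriteProcessMemory"}),
    4044: Proc(4044, "0f0ff38cb163632603dd1e15514a5610.exe", 2108,
               {"DeletesItself", "ExecutesDroppedEXE", "UnmapMainImage"}),
}

# "Suspicious use of WriteProcessMemory" rows as (source pid, target pid).
WPM_EVENTS: List[Tuple[int, int]] = [(2108, 4044), (2108, 4044), (2108, 4044)]


def write_count(events: List[Tuple[int, int]], src: int, dst: int) -> int:
    """Number of recorded cross-process writes from src into dst."""
    return sum(1 for s, d in events if (s, d) == (src, dst))


def find_self_injection(procs: Dict[int, Proc],
                        events: List[Tuple[int, int]]) -> List[dict]:
    """For every writer/target pair, check the three conditions that together
    describe a hollowed second copy of the sample: the target is the writer's
    child, runs the same image, and unmapped its own main image. Pairs meeting
    only some conditions are still returned (self_injection=False) so partial
    matches remain visible to the analyst."""
    findings = []
    for src, dst in sorted(set(events)):
        if src not in procs or dst not in procs or src == dst:
            continue
        s, d = procs[src], procs[dst]
        reasons = []
        if d.parent == src:
            reasons.append("target is a child of the writer")
        if s.image.lower() == d.image.lower():
            reasons.append("target runs the same image as the writer")
        if "UnmapMainImage" in d.behaviours:
            reasons.append("target unmapped its own main image")
        findings.append({
            "source": src,
            "target": dst,
            "writes": write_count(events, src, dst),
            "reasons": reasons,
            "self_injection": len(reasons) == 3,
            # cleanup / hand-off behaviour the report attributes to the target
            "child_cleanup": sorted(d.behaviours & {"DeletesItself", "ExecutesDroppedEXE"}),
        })
    return findings


def report(findings: List[dict]) -> List[str]:
    """One human-readable line per writer/target pair."""
    lines = []
    for f in findings:
        tag = "SELF-INJECTION" if f["self_injection"] else "partial"
        lines.append(f"{tag}: {f['source']} -> {f['target']} "
                     f"({f['writes']} writes; {'; '.join(f['reasons'])}; "
                     f"child cleanup: {', '.join(f['child_cleanup']) or 'none'})")
    return lines


if __name__ == "__main__":
    for line in report(find_self_injection(PROCS, WPM_EVENTS)):
        print(line)
```

Run against this report the check yields a single SELF-INJECTION finding for 2108 -> 4044 with three writes and both cleanup behaviours on the child; a parent that merely writes into a child running a different image (a common benign case) is reported as partial, which is why the three conditions are required together rather than any one of them.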
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.2MB
- MD5: 9e2e7407ba51140a27cf1a9056c7dceb
- SHA1: 56a7de90b2635cfd2f404a212179ba6875b4f0ea
- SHA256: 689da558880d2e516a3fc50028716aab74b8178cca2f11573cc0f339f788e34c
- SHA512: cf313ead2ec76b23d60e88e5851d2945565c9d9184ba127634539d26bf007996552391a267fad0f163cd4550a735c54f95e0d02f0393b7b9e17d943c65882c0d