Analysis
- max time kernel: 149s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 04:51
Static task
- static1
Behavioral task
- behavioral1
- Sample: 0f1a5315e2beffdab19897c3f02434e8.exe
- Resource: win7-20231129-en
Behavioral task
- behavioral2
- Sample: 0f1a5315e2beffdab19897c3f02434e8.exe
- Resource: win10v2004-20231215-en
General
- Target: 0f1a5315e2beffdab19897c3f02434e8.exe
- Size: 82KB
- MD5: 0f1a5315e2beffdab19897c3f02434e8
- SHA1: d64aca90b59a97aa102ef8620e6e032512199150
- SHA256: 3ca2b874ece51139a1a75e553ec1e860a503cca1491466e14b58086aed316b0c
- SHA512: 1ebbf75259cc1c3222dd4fe2cf7a85ab6484fe54d404674c99ff42be61d5ad18737fbe8fec8a036091021595d87c5a681b84158830264d80b5a2346468046b31
- SSDEEP: 1536:0rxFSj+GceBS5SYW2apswa0bzTagIBrfcvLrqTd3S0xvWTQW9yED+ai9kJduPy49:0fSj+GceBS5pJapswa0XTalBrfcTrwvj
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2952, process 0f1a5315e2beffdab19897c3f02434e8.exe
- Executes dropped EXE (1 IoCs)
  pid 2952, process 0f1a5315e2beffdab19897c3f02434e8.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2964, process 0f1a5315e2beffdab19897c3f02434e8.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2964, process 0f1a5315e2beffdab19897c3f02434e8.exe
  pid 2952, process 0f1a5315e2beffdab19897c3f02434e8.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2964 wrote to memory of 2952; pid 2964; process 0f1a5315e2beffdab19897c3f02434e8.exe; procid_target 91
  description: PID 2964 wrote to memory of 2952; pid 2964; process 0f1a5315e2beffdab19897c3f02434e8.exe; procid_target 91
  description: PID 2964 wrote to memory of 2952; pid 2964; process 0f1a5315e2beffdab19897c3f02434e8.exe; procid_target 91
Processes
C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe"
PID: 2964
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory

C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
Command line: C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
PID: 2952
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: bc3b695377145523d5b5ee149d253410
- SHA1: d27dda1ef2f2af830d5f6d15012ec2903633cb92
- SHA256: d09bacc74477b411be4f54ef3d68217b34975e1d8d2aa085d379b9cfef0df775
- SHA512: 64b0a29ddc3947da61578cb1f514cdf24841d7604d93f48252392e6a8e7e191c471f6e922103f71c141439b03877f1f9246a9fa8c5bfe34a6e6bfec87f67eb6d