Analysis
max time kernel: 141s
max time network: 92s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 05:09
Behavioral task: behavioral1
Sample: 0fa43c2811486255c977a77411b02aa7.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 0fa43c2811486255c977a77411b02aa7.exe
Resource: win10v2004-20231222-en
General
Target: 0fa43c2811486255c977a77411b02aa7.exe
Size: 2.7MB
MD5: 0fa43c2811486255c977a77411b02aa7
SHA1: f94f51f576361d8ba6694c7e519d2b3bc49038e1
SHA256: 0a00c03e251b79f0ed35f8fce2be7f4531c901058f2304e2e4e66bbcfaf1dfbe
SHA512: e84825341ef8a73fba5c9615675a82f3169bc5986f701fa42f553e9cb06ce2914d5243ea56dfa91bf36cfa6a16009c07108027182d47ae6e0bd6972ca9224222
SSDEEP: 49152:ukV8msJ1E4Qnlg0dCGCjR2LGSFJZR9ktBc1+Q4YdxSChG38bDUggR9t:R8mYE4Qnlg0dCTxkHktBcwQDM2YIDULN
Malware Config
Signatures

- Deletes itself (1 IoC)
  pid: 3768, Process: 0fa43c2811486255c977a77411b02aa7.exe

- Executes dropped EXE (1 IoC)
  pid: 3768, Process: 0fa43c2811486255c977a77411b02aa7.exe

- YARA rule matches (resource / yara_rule)
  behavioral2/memory/1800-0-0x0000000000400000-0x00000000008E7000-memory.dmp / upx
  behavioral2/memory/3768-14-0x0000000000400000-0x00000000008E7000-memory.dmp / upx
  behavioral2/files/0x000600000001e5df-11.dat / upx

- Suspicious behavior: RenamesItself (1 IoC)
  pid: 1800, Process: 0fa43c2811486255c977a77411b02aa7.exe

- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 1800, Process: 0fa43c2811486255c977a77411b02aa7.exe
  pid: 3768, Process: 0fa43c2811486255c977a77411b02aa7.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1800 wrote to memory of 3768, pid: 1800, Process: 0fa43c2811486255c977a77411b02aa7.exe, procid_target: 16
  description: PID 1800 wrote to memory of 3768, pid: 1800, Process: 0fa43c2811486255c977a77411b02aa7.exe, procid_target: 16
  description: PID 1800 wrote to memory of 3768, pid: 1800, Process: 0fa43c2811486255c977a77411b02aa7.exe, procid_target: 16
Processes

1. C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe"
   PID: 1800
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe (child of PID 1800)
      Command line: C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
      PID: 3768
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 92KB
  MD5: eb1e5959b22f2322a3196892118c99d3
  SHA1: 49b170868699fc7363988d5fa7e82557229eefd3
  SHA256: cab63877079d5367590107fe65b6e464b669abdacdff91940f577d0eb90862b5
  SHA512: 418f1e7bbcc5be1af07aa9dedc8645f2dd7ff497adca0641ad112ca1ef5b0b7aacee6a3c8fd04c261dc54a66e74a70ccde9d1e0ee1c2abe373a95c7ed2d9db18