Analysis
- max time kernel: 136s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 09:57
Static task: static1
Behavioral task: behavioral1
- Sample: 152292a4a231f1676a5e56af7c057f2f.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 152292a4a231f1676a5e56af7c057f2f.exe
- Resource: win10v2004-20231222-en
General
- Target: 152292a4a231f1676a5e56af7c057f2f.exe
- Size: 82KB
- MD5: 152292a4a231f1676a5e56af7c057f2f
- SHA1: 71660d9a8be3b0e9ef804f5aadb41c1662aa8162
- SHA256: 630e4e1f20d796401b6770643322cd99bed066f75b89c80ff46ea1a418d2169d
- SHA512: 833db15688a1ad89f35765de4c9ffbc072603c47e0bc40149070007cadc125c24f46a9c2b434270211a5f8fe6d702bd56a4eae6f905e6cef462d6de3e6ef7fa6
- SSDEEP: 1536:+mJ6g7NqEL5mbydXZx5TmJcpTW6ki/7ho/c4H1:+6NqEL5XB5TmJcViCC/cY
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 1200, Process 152292a4a231f1676a5e56af7c057f2f.exe
- Executes dropped EXE (1 IoCs)
  pid 1200, Process 152292a4a231f1676a5e56af7c057f2f.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 436, Process 152292a4a231f1676a5e56af7c057f2f.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 436, Process 152292a4a231f1676a5e56af7c057f2f.exe
  pid 1200, Process 152292a4a231f1676a5e56af7c057f2f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 436 wrote to memory of 1200; pid 436; Process 152292a4a231f1676a5e56af7c057f2f.exe; procid_target 89
  description: PID 436 wrote to memory of 1200; pid 436; Process 152292a4a231f1676a5e56af7c057f2f.exe; procid_target 89
  description: PID 436 wrote to memory of 1200; pid 436; Process 152292a4a231f1676a5e56af7c057f2f.exe; procid_target 89
Processes
- C:\Users\Admin\AppData\Local\Temp\152292a4a231f1676a5e56af7c057f2f.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\152292a4a231f1676a5e56af7c057f2f.exe"
  PID: 436
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\152292a4a231f1676a5e56af7c057f2f.exe (depth 2)
    Command line: C:\Users\Admin\AppData\Local\Temp\152292a4a231f1676a5e56af7c057f2f.exe
    PID: 1200
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: aaf43994381d8857d541103c37a6037f
- SHA1: f89d7599c0ecdd2d24adfd5124231f63f3e7bb11
- SHA256: 4608238ad3f974ca5614ced62ea555b9f746498ecae7ad3fea401e09c8d1b660
- SHA512: eb5ff452548a079157280cfe2e81356f5e40e2b974fb7c30ac99d3cc4ab5fd553c35e8f2d8527ba0e98047b1352bad26eb5327e0722a824248a01da1e7264abe