Analysis
-
max time kernel
148s -
max time network
64s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
30/12/2023, 14:24
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1b557cb7dded392c94fb1e6908a55136.exe
Resource
win7-20231215-en
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
1b557cb7dded392c94fb1e6908a55136.exe
Resource
win10v2004-20231215-en
5 signatures
150 seconds
General
-
Target
1b557cb7dded392c94fb1e6908a55136.exe
-
Size
82KB
-
MD5
1b557cb7dded392c94fb1e6908a55136
-
SHA1
91b14ae94dadbae436afadfda555da7707aace1f
-
SHA256
1cc8deb60b9c18cb30a58b67f92214db64488610551e96ca200a7d6ce35a1b74
-
SHA512
6de27d584ae51fa8a5a81a011c1b7d7eb7e61d054cbafc0b20eeed86bc0a17e4baaa86deb5b2cf786c1116fe84bd1f1411c3b6f2fe99a3d60514d633412014b6
-
SSDEEP
1536:KRPSLf2QTe8mxHHbX6hVFw9MovRhdBGk/u+AiqjyV61HJEVC4CE2o:f2lH+VAndZrD/BlP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2416 1b557cb7dded392c94fb1e6908a55136.exe -
Executes dropped EXE 1 IoCs
pid Process 2416 1b557cb7dded392c94fb1e6908a55136.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1460 1b557cb7dded392c94fb1e6908a55136.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid | Process
1460 | 1b557cb7dded392c94fb1e6908a55136.exe
2416 | 1b557cb7dded392c94fb1e6908a55136.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1460 wrote to memory of 2416 | 1460 | 1b557cb7dded392c94fb1e6908a55136.exe | 25
PID 1460 wrote to memory of 2416 | 1460 | 1b557cb7dded392c94fb1e6908a55136.exe | 25
PID 1460 wrote to memory of 2416 | 1460 | 1b557cb7dded392c94fb1e6908a55136.exe | 25
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe "C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1460 -
C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe C:\Users\Admin\AppData\Local\Temp\1b557cb7dded392c94fb1e6908a55136.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2416