Analysis
max time kernel: 159s
max time network: 184s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 00:01
Behavioral task behavioral1
Sample: 20ebb900d939109c2c237f8be5b28e06.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 20ebb900d939109c2c237f8be5b28e06.exe
Resource: win10v2004-20231215-en
General
Target: 20ebb900d939109c2c237f8be5b28e06.exe
Size: 5.3MB
MD5: 20ebb900d939109c2c237f8be5b28e06
SHA1: 3d7eb534e871bb2bfaee6dc1ca4bd5b789ec8bb6
SHA256: b78a195933dec6429ed40db4653efef8f71bb2e38ad25c859f648a52baf664d6
SHA512: e049bb4e646852cb9708b978e8ddc766d8175922954111a3d2a6da7caf7c0060b741ee78675be93fdae6f4194de2118250e763cb52d4e9248bcf59e3bb8b9dc0
SSDEEP: 98304:0UWgM4muNBLOoHktBcwQDM2YIDULHHQNddxWMEQlgjHktBcwQDM2YIDULHt:tWg0M1zschDHIUzlgjschDHIN
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 880, process 20ebb900d939109c2c237f8be5b28e06.exe
- Executes dropped EXE (1 IoC)
  pid 880, process 20ebb900d939109c2c237f8be5b28e06.exe
- UPX packed file (3 IoCs, yara rule: upx)
  behavioral2/memory/2824-0-0x0000000000400000-0x00000000008E7000-memory.dmp
  behavioral2/memory/880-12-0x0000000000400000-0x00000000008E7000-memory.dmp
  behavioral2/files/0x000600000002322a-11.dat
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2824, process 20ebb900d939109c2c237f8be5b28e06.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2824, process 20ebb900d939109c2c237f8be5b28e06.exe
  pid 880, process 20ebb900d939109c2c237f8be5b28e06.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2824 wrote to memory of 880 | 2824 | 20ebb900d939109c2c237f8be5b28e06.exe | 93
  PID 2824 wrote to memory of 880 | 2824 | 20ebb900d939109c2c237f8be5b28e06.exe | 93
  PID 2824 wrote to memory of 880 | 2824 | 20ebb900d939109c2c237f8be5b28e06.exe | 93
Processes
1. C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe"
   PID: 2824
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe (child of PID 2824)
      Command line: C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe
      PID: 880
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
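The process tree and the Signatures section are easier to reason about once the per-PID hits are correlated. The Python below is an added example and is not part of the tria.ge report or its tooling: the event tuples and memory ranges are constructed by hand from this report's Signatures section, and the function names (`find_self_replace_chains`, `identical_image_regions`, `region_size`) are this example's own. It encodes one caveat a practitioner should keep in mind: "Suspicious use of WriteProcessMemory" fires for the writes a parent makes into a child during ordinary process creation, so on tria.ge almost every parent/child pair carries it. On its own it is weak evidence; the example only reports a parent-to-child write when the child is also flagged as a dropped EXE that deletes itself, which is the combination seen here and is consistent with the sample renaming itself and launching a fresh copy from its original path.

```python
"""Correlate tria.ge-style behavioural IoCs into a process-lineage summary.

Added example; the events and memory hits below are constructed from the
Signatures section of this report, not parsed from tria.ge output.
"""
from collections import defaultdict

# Constructed from the report: (signature, pid, target_pid or None).
EVENTS = [
    ("RenamesItself", 2824, None),
    ("UnmapMainImage", 2824, None),
    ("WriteProcessMemory", 2824, 880),
    ("WriteProcessMemory", 2824, 880),
    ("WriteProcessMemory", 2824, 880),
    ("Executes dropped EXE", 880, None),
    ("Deletes itself", 880, None),
    ("UnmapMainImage", 880, None),
]

# Constructed from the report's UPX yara hits on memory dumps: (pid, start, end).
MEMORY_HITS = [
    (2824, 0x400000, 0x8E7000),
    (880, 0x400000, 0x8E7000),
]


def signatures_by_pid(events):
    """Map each PID to the sorted set of signature names that hit on it."""
    by_pid = defaultdict(set)
    for sig, pid, _target in events:
        by_pid[pid].add(sig)
    return {pid: sorted(sigs) for pid, sigs in by_pid.items()}


def find_self_replace_chains(events):
    """Return (parent, child) pairs worth a second look.

    A parent->child WriteProcessMemory alone is expected during process
    creation, so it is only reported when the child additionally ran as a
    dropped EXE and then deleted itself.
    """
    by_pid = signatures_by_pid(events)
    writes = set()
    for sig, pid, target in events:
        if sig == "WriteProcessMemory" and target is not None:
            writes.add((pid, target))
    chains = []
    for parent, child in sorted(writes):
        child_sigs = set(by_pid.get(child, []))
        if {"Executes dropped EXE", "Deletes itself"} <= child_sigs:
            chains.append((parent, child))
    return chains


def identical_image_regions(hits):
    """Group PIDs whose yara-matched memory region has the same (start, end).

    Two processes unpacking the same UPX image into the same range is what a
    parent and its re-launched copy look like in the dumps.
    """
    groups = defaultdict(list)
    for pid, start, end in hits:
        groups[(start, end)].append(pid)
    return {rng: pids for rng, pids in groups.items() if len(pids) > 1}


def region_size(start, end):
    """Byte length of a dumped region; here 0x400000-0x8E7000 is 0x4E7000 bytes."""
    return end - start


if __name__ == "__main__":
    for pid, sigs in sorted(signatures_by_pid(EVENTS).items()):
        print(f"PID {pid}: {', '.join(sigs)}")
    print("self-replace chains:", find_self_replace_chains(EVENTS))
    for (start, end), pids in identical_image_regions(MEMORY_HITS).items():
        print(f"shared UPX region {start:#x}-{end:#x} "
              f"({region_size(start, end)} bytes) in PIDs {pids}")
```

The shared-region check is a hint, not proof of injection: both dumps simply show the UPX-unpacked image at its default base in each process, and the report's network section records nothing further to correlate against.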
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 256KB
  MD5: f5e7afa034c5a3bad5b57b8b0e4ce2b0
  SHA1: 746cb1b3162de5f80829eef5685ca4593e1607ed
  SHA256: a7839333eebcc6233c15beb6f3ba8e6e1b5c7a23a239012c5160dd09d8d43079
  SHA512: 5d8b4f0fb115edf48886dd405b3070ed3508ad1a580c5387a04644fe6530ff8e8a3c3db7274e6d4cd8433a2ca506dd553eeddbdd79e48e7a7e6643fe703aaf4e