Analysis
- max time kernel: 145s
- max time network: 173s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/12/2023, 01:47
Static task
- static1

Behavioral task
- behavioral1
  Sample: 234b92bd0ee4379fd3dd3ab0b6b41512.exe
  Resource: win7-20231215-en

Behavioral task
- behavioral2
  Sample: 234b92bd0ee4379fd3dd3ab0b6b41512.exe
  Resource: win10v2004-20231215-en
General
- Target: 234b92bd0ee4379fd3dd3ab0b6b41512.exe
- Size: 200KB
- MD5: 234b92bd0ee4379fd3dd3ab0b6b41512
- SHA1: 2712439da41eabe13bd4937d391c761adeb6a53f
- SHA256: e3e16c419640b431cece0884125fa8d11295ab018b92b9c7d6e3e16db988b34c
- SHA512: c67e78fccbf4d0a80af1871664b68c6f6fef4a494383f91e241a3689e39b7f404bf99a332d8e9b59a8cb0f5e3ff017bc2f12b78075b9162177cb98731713f744
- SSDEEP: 3072:OL2LZjJW1StWYOmgnQqRSGqYGfJSZryg0Il3KEJGggLuILLPIRJgJNCiskLe:OKLG15f0gSPvJSZvThGgglIbGCiFLe
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 1172, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe
- Executes dropped EXE (1 IoCs)
  pid 1172, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 3184, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3184, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe
  pid 1172, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3184 wrote to memory of 1172; pid 3184, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe, procid_target 90
  description: PID 3184 wrote to memory of 1172; pid 3184, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe, procid_target 90
  description: PID 3184 wrote to memory of 1172; pid 3184, process 234b92bd0ee4379fd3dd3ab0b6b41512.exe, procid_target 90
Processes
- C:\Users\Admin\AppData\Local\Temp\234b92bd0ee4379fd3dd3ab0b6b41512.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\234b92bd0ee4379fd3dd3ab0b6b41512.exe"
  PID: 3184
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\234b92bd0ee4379fd3dd3ab0b6b41512.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\234b92bd0ee4379fd3dd3ab0b6b41512.exe
    PID: 1172
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 200KB
  MD5: cb0a57422672906fb57d55f05f1db1ef
  SHA1: d745948da16073e4b7ea6887b232bfae29de4194
  SHA256: 2ec75819281117191bc09db55cc2e7cabc89110b080deb44485fdb27df1c18b6
  SHA512: 612a09cae48fefdb00e763808c1ca6e7157e3c5a361af32d7d7d20828ed97ec841dbe87918354eec974f01a5b4a835ecccc7aec7c6b51d16e4db8202488194a0