Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 140s
- max time network: 92s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/12/2023, 02:03
Static task: static1
Behavioral task: behavioral1
- Sample: 23c5a119c67a2eb5793833e42252469b.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 23c5a119c67a2eb5793833e42252469b.exe
- Resource: win10v2004-20231215-en
General
- Target: 23c5a119c67a2eb5793833e42252469b.exe
- Size: 771KB
- MD5: 23c5a119c67a2eb5793833e42252469b
- SHA1: bdad17cc4e15c70ae3c45175176c05d7dd8d344e
- SHA256: ee6d3f75b4b0e2eb02f52703f84e6a41023733028c4c6a483fac5411bc6587db
- SHA512: 9f7a34e083f68b6032f23f20c6a892fd1333bb734147fca9d604b71d52987638f1e38dee89d990775d7442776d04a6b9fb9ac591507b898f4ea5bec557305067
- SSDEEP: 24576:CwEu2CILx/S5O0Sb13tvZWqEIz6qrfiTMB:2u2CIySb1VZQe6q7iT2
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 208, process 23c5a119c67a2eb5793833e42252469b.exe
- Executes dropped EXE (1 IoCs)
  pid 208, process 23c5a119c67a2eb5793833e42252469b.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 3896, process 23c5a119c67a2eb5793833e42252469b.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3896, process 23c5a119c67a2eb5793833e42252469b.exe
  pid 208, process 23c5a119c67a2eb5793833e42252469b.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | process | procid_target
  PID 3896 wrote to memory of 208 | 3896 | 23c5a119c67a2eb5793833e42252469b.exe | 15
  PID 3896 wrote to memory of 208 | 3896 | 23c5a119c67a2eb5793833e42252469b.exe | 15
  PID 3896 wrote to memory of 208 | 3896 | 23c5a119c67a2eb5793833e42252469b.exe | 15
Processes
- C:\Users\Admin\AppData\Local\Temp\23c5a119c67a2eb5793833e42252469b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\23c5a119c67a2eb5793833e42252469b.exe"
  PID: 3896
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\23c5a119c67a2eb5793833e42252469b.exe (child of PID 3896)
    Command line: C:\Users\Admin\AppData\Local\Temp\23c5a119c67a2eb5793833e42252469b.exe
    PID: 208
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 771KB
- MD5: 804087b4c6ab15259d7b8b2ecc84e6ad
- SHA1: 813fd9fa293804aff2ad1f4542a35d17cab42804
- SHA256: 3c9946918e75fea8dcde53232e40aa550652565921d36f8ca8b638a732d638d7
- SHA512: 63f1c5527107e0cf5731d0419ffb55578e6e1b4e549c4b542d462fc966a19f93e3d51c764d4f2973eb24e49e12a71e3b483dc4fe92d2f0006c0098f7179d6216