Analysis
-
max time kernel
178s -
max time network
200s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
31/12/2023, 02:23
Behavioral task
behavioral1
Sample
2462d70108ce8871f91162212aee7f57.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2462d70108ce8871f91162212aee7f57.exe
Resource
win10v2004-20231215-en
General
-
Target
2462d70108ce8871f91162212aee7f57.exe
-
Size
2.9MB
-
MD5
2462d70108ce8871f91162212aee7f57
-
SHA1
7974c42b2084acbe7017a04b79c688f175b1b5e1
-
SHA256
36f822ec79ef01d55fdfa1af3310ad568ca784023cbd1eba53ffeb815897f1a3
-
SHA512
d800df5b3024fefc73d6b250a0fb9c3f70a9d59e7a1da44787ac7da4b2baf3f36be6b12dcf1c939aee14438423f71978e3a4d6f1520534e509e50218d26f131e
-
SSDEEP
49152:4ziVIAF0Bi5llgbwWDgPE8lSCx0+ZHpY9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:ihDawbwWD+1lTrYHau42c1joCjMPkNwv
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3444 2462d70108ce8871f91162212aee7f57.exe -
Executes dropped EXE 1 IoCs
pid Process 3444 2462d70108ce8871f91162212aee7f57.exe -
resource yara_rule
behavioral2/memory/4284-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/memory/3444-14-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x00070000000231f8-12.dat upx
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process 4284 2462d70108ce8871f91162212aee7f57.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4284 2462d70108ce8871f91162212aee7f57.exe 3444 2462d70108ce8871f91162212aee7f57.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4284 wrote to memory of 3444 4284 2462d70108ce8871f91162212aee7f57.exe 90
PID 4284 wrote to memory of 3444 4284 2462d70108ce8871f91162212aee7f57.exe 90
PID 4284 wrote to memory of 3444 4284 2462d70108ce8871f91162212aee7f57.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe "C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4284 -
C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3444
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
63KB
MD5 70ff3b76631b66d6ca20c16d21f432bc
SHA1 b5dc96548ede84f266f6e6f138c5bef1db0a2f16
SHA256 0ef387ff8d9a0c58446a630974a7e2aeae9f476e45bda36f119ae00853838cf8
SHA512 6ff3254f810f93b853b006a01bcf9797233c9930c8a78cbd7629f2b67892e479541ebd9ec0939cf4570dfe0606b9f6e7b1e66be690923a4df384693ab4774b88