Analysis
max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted
31/12/2023, 12:50
Behavioral task
behavioral1
Sample
36bc96beb8c702c884bdbaff9d949240.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
36bc96beb8c702c884bdbaff9d949240.exe
Resource
win10v2004-20231222-en
General
Target
36bc96beb8c702c884bdbaff9d949240.exe
Size
5.8MB
MD5
36bc96beb8c702c884bdbaff9d949240
SHA1
0c2a52ded9931ae6f75213b29648cdc8c942c5f1
SHA256
8b8fb2b97f394c1bd87409ea482a61f668d9c2e92b6c30ffd92bbb66fcd00a0a
SHA512
29e4da0cc74f3241b7b5fda5f2a3d9917b036aa71a2f06094cee830d9817fc8f0c861cdce69aae0ce004c0e8eda7ac6c2fd4ba80a0da635e07793115785b5a9e
SSDEEP
98304:ECJ2lMjqf6eZGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:ECUlMp8GhRaaCkN9qHGhRa
Malware Config
Signatures
Deletes itself (1 IoC)
pid   Process
3248  36bc96beb8c702c884bdbaff9d949240.exe

Executes dropped EXE (1 IoC)
pid   Process
3248  36bc96beb8c702c884bdbaff9d949240.exe

resource                                                                      yara_rule
behavioral2/memory/3240-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
behavioral2/files/0x000a0000000230f9-11.dat                                   upx
behavioral2/memory/3248-13-0x0000000000400000-0x00000000008EF000-memory.dmp   upx

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
3240  36bc96beb8c702c884bdbaff9d949240.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
3240  36bc96beb8c702c884bdbaff9d949240.exe
3248  36bc96beb8c702c884bdbaff9d949240.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                           pid   Process                               procid_target
PID 3240 wrote to memory of 3248      3240  36bc96beb8c702c884bdbaff9d949240.exe  73
PID 3240 wrote to memory of 3248      3240  36bc96beb8c702c884bdbaff9d949240.exe  73
PID 3240 wrote to memory of 3248      3240  36bc96beb8c702c884bdbaff9d949240.exe  73
Processes
1. C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe"
   PID: 3240
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe (child of PID 3240)
      Command line: C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
      PID: 3248
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize
169KB
MD5
3af0bc84400678e084e4fa3af261f978
SHA1
664e3208627a59bc9b8a0d10b6c48fea83b0033a
SHA256
b677e31c982b5eef0688307ee310ecd9cd46ae06064977838d18a6634c1365b9
SHA512
2543139868a121975858aab52f9b5ba969650c2c58918e32060839b381aeda4c445c3fdfe384d993d1829cc4abe38ae9416ebb7ae15702d2bf7fca72920b73d5