Analysis
-
max time kernel
131s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
31/12/2023, 13:25
Static task
static1
Behavioral task
behavioral1
Sample
37ef8fc09ef0d6a5c350f53fae97b267.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
37ef8fc09ef0d6a5c350f53fae97b267.exe
Resource
win10v2004-20231215-en
General
-
Target
37ef8fc09ef0d6a5c350f53fae97b267.exe
-
Size
165KB
-
MD5
37ef8fc09ef0d6a5c350f53fae97b267
-
SHA1
4203da41527e9b1a673958763b1227928e494b4d
-
SHA256
7fd0d79657291d38f1b5a311245fb065052c75011ec389e29f8a3480466f8c3e
-
SHA512
d68c7278a31dd76bc47124faae815beda2ab51cf41936e44b30a5fb91ee06f85c7679edbcc8b53a785a8c6b5b8cbedf0aaf13dd6ad72ef4c9596cbdeef5d12e8
-
SSDEEP
3072:ZNCMFjPcfqsBv6fXXv2zP6kkt4UjwIirqyYaT5hT:ZNCM6yGyHuD6kkqsiLr
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3228 37ef8fc09ef0d6a5c350f53fae97b267.exe -
Executes dropped EXE 1 IoCs
pid Process 3228 37ef8fc09ef0d6a5c350f53fae97b267.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 4924 37ef8fc09ef0d6a5c350f53fae97b267.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4924 37ef8fc09ef0d6a5c350f53fae97b267.exe 3228 37ef8fc09ef0d6a5c350f53fae97b267.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4924 wrote to memory of 3228 | 4924 | 37ef8fc09ef0d6a5c350f53fae97b267.exe | 90
PID 4924 wrote to memory of 3228 | 4924 | 37ef8fc09ef0d6a5c350f53fae97b267.exe | 90
PID 4924 wrote to memory of 3228 | 4924 | 37ef8fc09ef0d6a5c350f53fae97b267.exe | 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe "C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4924 -
C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe C:\Users\Admin\AppData\Local\Temp\37ef8fc09ef0d6a5c350f53fae97b267.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3228
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
165KB
MD5 5f1ae2f6a37259919e5a9ee07dd4e32d
SHA1 f275e5968eee1c774256e8b7a253eacdc422011e
SHA256 cb6cf7c194a798974b0e547c21a1c89d0208b14b1c35dd3426a26087a322ebb3
SHA512 f7a7b9513bd6852a8475d931ede7fb17e8e3f8c0263be0dd23e19666cd8219664e0c4ad369c1c1ad82de71845370fdd8b153b17cefdde4c7c5d190eba6a99c81