Analysis
- max time kernel: 155s
- max time network: 169s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/01/2024, 21:40
Static task: static1
Behavioral task: behavioral1
- Sample: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Resource: win10v2004-20231215-en
General
- Target: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Size: 57KB
- MD5: 41f9bba48d9ce10cff3c98669ca22c57
- SHA1: 78dd45d52f7863225d8859e23d0c4a51d41b14b0
- SHA256: af0047c4ee026a29d9da0bf83fb90d92a8599893004842ddde951ad8308afdbb
- SHA512: 719ae5713d4d3483e218c542b10fefb1c64bbc92f4bac8293a2848761f452cf24a3c798543b37c9a5885d5dfcf29de2bbb285d529bdab1be272703d8c0532f1b
- SSDEEP: 768:/ddvoW2+hLnBhxszivxOmaelLBsbhrhlP7vMHJhjPBAO3te6J34jd14ZZceengQl:/dz2+hjBISaXVnMb7R9eBjzclJ6ovOH
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2360: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Executes dropped EXE (1 IoCs)
  pid 2360: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2004: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2004: 41f9bba48d9ce10cff3c98669ca22c57.exe
  pid 2360: 41f9bba48d9ce10cff3c98669ca22c57.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process                                procid_target
  PID 2004 wrote to memory of 2360   2004   41f9bba48d9ce10cff3c98669ca22c57.exe   88
  PID 2004 wrote to memory of 2360   2004   41f9bba48d9ce10cff3c98669ca22c57.exe   88
  PID 2004 wrote to memory of 2360   2004   41f9bba48d9ce10cff3c98669ca22c57.exe   88
Processes
- C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe "C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe"
  PID: 2004
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
    PID: 2360
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 57KB
  MD5: 4002ab7ded922ff21a9469de3b8bf0ea
  SHA1: 5228702fbb39513328bc37ceb7cb605b97fb8b69
  SHA256: d0936bcb8674a023aa37fdfb1badc8218870c582cfd127d859d43291a7191a65
  SHA512: 41e2aaa68f6951752736ba04513eae32336a0ba247a28915cf4325af93d296a82414d67fa61972db3e079e479bd96503a106bc45ad5be0fcb919c6ca7f8a1a2c