Analysis
max time kernel: 146s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/01/2024, 15:10
Static task: static1
Behavioral task: behavioral1
Sample: 468ad14e40f689f33568cfd2f5c187c0.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 468ad14e40f689f33568cfd2f5c187c0.exe
Resource: win10v2004-20231215-en
General
Target: 468ad14e40f689f33568cfd2f5c187c0.exe
Size: 385KB
MD5: 468ad14e40f689f33568cfd2f5c187c0
SHA1: 2037da359ebe0da7a96ae8a6da72726610f3bb49
SHA256: 70071249fa7a9030972e8ccc3bcb9a2614075669526b14dd057ef0a04d40d695
SHA512: 34994765aac462c791121e29151e0fd07cb40232ea7a7fd1e496d9751ef5ee22682c407de247b164433c24d9f75d66a9119493d1884a5580056309da23a15199
SSDEEP: 12288:zXtwOqgga2eKxE932nr8Xbo6uC8HX6kXpO0RgwB:aOqrHy8gLiCeX6urfB
Malware Config
Signatures
Deletes itself (1 IoC)
  pid  | Process
  940  | 468ad14e40f689f33568cfd2f5c187c0.exe
Executes dropped EXE (1 IoC)
  pid  | Process
  940  | 468ad14e40f689f33568cfd2f5c187c0.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Suspicious behavior: RenamesItself (1 IoC)
  pid  | Process
  1468 | 468ad14e40f689f33568cfd2f5c187c0.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid  | Process
  1468 | 468ad14e40f689f33568cfd2f5c187c0.exe
  940  | 468ad14e40f689f33568cfd2f5c187c0.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                     | pid  | Process                              | procid_target
  PID 1468 wrote to memory of 940 | 1468 | 468ad14e40f689f33568cfd2f5c187c0.exe | 92
  PID 1468 wrote to memory of 940 | 1468 | 468ad14e40f689f33568cfd2f5c187c0.exe | 92
  PID 1468 wrote to memory of 940 | 1468 | 468ad14e40f689f33568cfd2f5c187c0.exe | 92
Processes
1. C:\Users\Admin\AppData\Local\Temp\468ad14e40f689f33568cfd2f5c187c0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\468ad14e40f689f33568cfd2f5c187c0.exe"
   PID: 1468
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\468ad14e40f689f33568cfd2f5c187c0.exe (nested under PID 1468)
      Command line: C:\Users\Admin\AppData\Local\Temp\468ad14e40f689f33568cfd2f5c187c0.exe
      PID: 940
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
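The signature rows above are the raw material for a detection: PID 1468 writes into PID 940 three times, both instances unmap their main image, and 940 runs as a dropped copy of the same file and then deletes itself. The following is an added example, not part of the tria.ge report or its tooling. It is a small correlator over constructed event records modelled on those rows; the record format and field names (`process_create`, `write_memory`, `unmap_main_image`, `delete_self`) are assumptions for illustration, not tria.ge's export schema. The PIDs and image path come from the report; the parent value for 1468 and the benign control case are made up. It generalises slightly beyond this report: it flags any parent that spawns a second instance of its own image and writes into it, and records whether the child also unmapped its main image.

```python
"""Correlate sandbox process events into a "spawn a copy of myself and
write into it" finding. Added example; the event schema is an assumption."""
from collections import Counter

SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\468ad14e40f689f33568cfd2f5c187c0.exe"

# Constructed events mirroring the report's rows (ppid 0 for the root is
# made up; the report does not show 1468's parent).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1468, "ppid": 0, "image": SAMPLE_IMAGE},
    {"type": "process_create", "pid": 940, "ppid": 1468, "image": SAMPLE_IMAGE},
    {"type": "write_memory", "pid": 1468, "target": 940},
    {"type": "write_memory", "pid": 1468, "target": 940},
    {"type": "write_memory", "pid": 1468, "target": 940},
    {"type": "unmap_main_image", "pid": 1468},
    {"type": "unmap_main_image", "pid": 940},
    {"type": "delete_self", "pid": 940},
]

# Constructed control case: a parent writes once into a child that runs a
# different image and nothing is unmapped, so no finding is expected.
BENIGN_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 0, "image": r"C:\tools\launcher.exe"},
    {"type": "process_create", "pid": 200, "ppid": 100, "image": r"C:\tools\worker.exe"},
    {"type": "write_memory", "pid": 100, "target": 200},
]


def correlate(events):
    """Return one finding per (parent, child) pair where the parent spawned a
    second instance of its own image and wrote into that child's memory."""
    procs = {}          # pid -> {"ppid": int, "image": str}
    writes = Counter()  # (writer pid, target pid) -> number of write events
    unmapped = set()    # pids that unmapped their main image
    deleted = set()     # pids that deleted their own file
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            procs[ev["pid"]] = {"ppid": ev["ppid"], "image": ev["image"].lower()}
        elif kind == "write_memory" and ev["pid"] != ev["target"]:
            writes[(ev["pid"], ev["target"])] += 1   # ignore writes to self
        elif kind == "unmap_main_image":
            unmapped.add(ev["pid"])
        elif kind == "delete_self":
            deleted.add(ev["pid"])

    findings = []
    for (writer, target), count in writes.items():
        src, dst = procs.get(writer), procs.get(target)
        if src is None or dst is None:
            continue  # write into a process we never saw being created
        if dst["ppid"] != writer or dst["image"] != src["image"]:
            continue  # not "my own child running my own image"
        child_unmapped = target in unmapped
        findings.append({
            "parent": writer,
            "child": target,
            "image": src["image"],
            "write_count": count,
            "child_unmapped": child_unmapped,
            "child_deleted_self": target in deleted,
            # Unmapping the child's main image before the write is the
            # stronger signal; a bare cross-process write is reported weaker.
            "verdict": "self-injection candidate" if child_unmapped
                       else "cross-process write into own image",
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
    print("control case findings:", correlate(BENIGN_EVENTS))
```

Run as a script it prints the single finding for the 1468 to 940 pair with `write_count` 3; the control case returns an empty list because the child runs a different image. Writes into processes that never appear in `process_create` are skipped rather than guessed at, which matters when the sandbox trace starts after the parent process was already running.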
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 382KB
MD5: ff7ec4536cc9325b5b22d4ece84dc784
SHA1: 91d9d8b56a218c286f44146aa09f46b8caba637b
SHA256: e44132f21bc09698b186e142387c2dbc587965a0dda829789022c0c00da19936
SHA512: 931120c42bd60fbd6bddf0fa3212d1beac0caf74ac324c6fee3a824774ad0dc103da4e58ee05efaa61195ca245eff011778dd6e263e8ffac0032a10346a2721f