Analysis
max time kernel: 136s
max time network: 172s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/01/2024, 21:50
Behavioral task: behavioral1
Sample: 49dc29b126d3ca34cf92b57547364a55.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 49dc29b126d3ca34cf92b57547364a55.exe
Resource: win10v2004-20231215-en
General
Target: 49dc29b126d3ca34cf92b57547364a55.exe
Size: 115KB
MD5: 49dc29b126d3ca34cf92b57547364a55
SHA1: e87af745bbe21dd2d2d2fd6704ac3aa68fad445c
SHA256: b4b77c2194be11999c98009b40b7b3f280b6ea0667ed54ba2704698fef2aafe4
SHA512: 0591cb50ea0a6145f1b124d900a29e0153b7d858b7573999310ad1346b7d8e55ced9f837b78b6565a17ab70d15f461a100b0d3f55d8bcda536e3eb3eddcf0746
SSDEEP: 3072:Dwht8xpIjcNUWvnPU7pYnMXXnRUxKHPYd:0jMpIjCxv87ynMXXRhPYd
Malware Config
Signatures

Deletes itself (1 IoCs)
pid    Process
2728   49dc29b126d3ca34cf92b57547364a55.exe

Executes dropped EXE (1 IoCs)
pid    Process
2728   49dc29b126d3ca34cf92b57547364a55.exe

yara_rule matches
resource                                                                      yara_rule
behavioral2/memory/4812-0-0x0000000000400000-0x0000000000475000-memory.dmp    upx
behavioral2/files/0x000500000001e715-12.dat                                   upx
behavioral2/memory/2728-14-0x0000000000400000-0x0000000000475000-memory.dmp   upx

Suspicious behavior: RenamesItself (1 IoCs)
pid    Process
4812   49dc29b126d3ca34cf92b57547364a55.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid    Process
4812   49dc29b126d3ca34cf92b57547364a55.exe
2728   49dc29b126d3ca34cf92b57547364a55.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid    Process                                 procid_target
PID 4812 wrote to memory of 2728     4812   49dc29b126d3ca34cf92b57547364a55.exe    91
PID 4812 wrote to memory of 2728     4812   49dc29b126d3ca34cf92b57547364a55.exe    91
PID 4812 wrote to memory of 2728     4812   49dc29b126d3ca34cf92b57547364a55.exe    91
Processes

1. C:\Users\Admin\AppData\Local\Temp\49dc29b126d3ca34cf92b57547364a55.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\49dc29b126d3ca34cf92b57547364a55.exe"
   PID: 4812
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\49dc29b126d3ca34cf92b57547364a55.exe (child of PID 4812)
      Command line: C:\Users\Admin\AppData\Local\Temp\49dc29b126d3ca34cf92b57547364a55.exe
      PID: 2728
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 115KB
MD5: c2fb339eda3509ccc2aa579748786d24
SHA1: 5bc85f371c13adfdd47ede681ff10e0a406f59ef
SHA256: 308851a098ba561be4a9259a3f0488ccfa69aa31220a1cbad7021c733b022afc
SHA512: 696a571602767a933b7bcc8f122caee596e4f390f803883a8864c03ccd339d3a49b29bd0af9e679025dfeb2bab6a0e660071c236f906c9b86bf3e11bde375cdd