Analysis
max time kernel: 152s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/01/2024, 00:46
Static task: static1
Behavioral task: behavioral1
Sample: 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Resource: win10v2004-20231215-en
General
Target: 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Size: 385KB
MD5: 550797f1c8ee7fcd3818d5ee9cdbdb1b
SHA1: 6dd3eec632a8c429dec08436140aaddeb435dbaf
SHA256: b4e7693eea8470e59c908c859b732ef194ff938980ec6485d490c21c79fafea6
SHA512: ed4944821e9471c22e0fc1d1e831858fd432b9c26033e7d35a208f666253d43c8e8579f271aad8425079c2be38366e720fb63b2ded04cd0fd448eeac6208a94c
SSDEEP: 12288:D0A+GOZXKNs25XBsQ8qEgG9w4XrTDP/eYqZ7gs0JMTwIYeiYynHB:Dkt1KTjD8trt3jffB
Malware Config
Signatures
Deletes itself (1 IoCs)
pid 224, process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Executes dropped EXE (1 IoCs)
pid 224, process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
Suspicious behavior: RenamesItself (1 IoCs)
pid 4604, process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid 4604, process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
pid 224, process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 4604 wrote to memory of 224; pid 4604; process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe; procid_target 88
description: PID 4604 wrote to memory of 224; pid 4604; process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe; procid_target 88
description: PID 4604 wrote to memory of 224; pid 4604; process 550797f1c8ee7fcd3818d5ee9cdbdb1b.exe; procid_target 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe"
PID: 4604
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe (child of PID 4604)
Command line: C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
PID: 224
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: 126462d55cb5b9d064d6b5528fb97b34
SHA1: ddf12964f53341aff41e5d3b1b85ca1f9796c0cf
SHA256: 9e242b3f15d93a3cd02fc5aa9720e9fcad54702e999aaad77ab919a2a17e3de0
SHA512: 1f8b13518a761389b7eafc3ccef859bdd0e19ff4cf8b037be0d5abc26d6fcda8a24d4360b16761695d844e1dea3fcbc6031a5a72d6c385a313f5bbd8756ea11d