Analysis
- max time kernel: 152s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/01/2024, 13:36
Behavioral task behavioral1
- Sample: 569a99971fc0e576b44e35a1ce0687d3.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: 569a99971fc0e576b44e35a1ce0687d3.exe
- Resource: win10v2004-20231215-en
General
- Target: 569a99971fc0e576b44e35a1ce0687d3.exe
- Size: 1.5MB
- MD5: 569a99971fc0e576b44e35a1ce0687d3
- SHA1: 2f2a1fe239b28b7f0896bbee2fe19ea8e57fb644
- SHA256: 13787ab91a2fbb2fb2492d4b36687c9b7d95051a6e6c5d25ffbf5d78cfc34481
- SHA512: 0fe79be7453ffd52d0578bd5e2d5b3d15737edd6ba142101d74ea54f3c2a4fc0f0a1a6a353becc092fbe1ff2190ef6101d1423aef9a161e24455039bdbbe5954
- SSDEEP: 24576:1HmW1paBmPZ9vCU2lxBHh9sWLi6P4ws4oIIin0JqeZnvsUoBrKFRW:wI5PjvC9lheW+6zs80oqvsUoE
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 3820, Process 569a99971fc0e576b44e35a1ce0687d3.exe
- Executes dropped EXE (1 IoCs)
  pid 3820, Process 569a99971fc0e576b44e35a1ce0687d3.exe
- yara_rule upx (3 resources)
  resource behavioral2/memory/1888-0-0x0000000000400000-0x00000000008EF000-memory.dmp, rule upx
  resource behavioral2/files/0x0007000000023120-11.dat, rule upx
  resource behavioral2/memory/3820-13-0x0000000000400000-0x00000000008EF000-memory.dmp, rule upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 1888, Process 569a99971fc0e576b44e35a1ce0687d3.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1888, Process 569a99971fc0e576b44e35a1ce0687d3.exe
  pid 3820, Process 569a99971fc0e576b44e35a1ce0687d3.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description "PID 1888 wrote to memory of 3820", pid 1888, Process 569a99971fc0e576b44e35a1ce0687d3.exe, procid_target 91
  description "PID 1888 wrote to memory of 3820", pid 1888, Process 569a99971fc0e576b44e35a1ce0687d3.exe, procid_target 91
  description "PID 1888 wrote to memory of 3820", pid 1888, Process 569a99971fc0e576b44e35a1ce0687d3.exe, procid_target 91
Processes
- Path: C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe"
  Depth: 1, PID: 1888
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Path: C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe
    Depth: 2, PID: 3820
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.5MB
- MD5: 5a88453255938371172225267deb9379
- SHA1: dd043c40b2411f50620dd2c093c18054ff336306
- SHA256: b599086b26b4c426110e45e121cfd43c6cb8f7b9501372a30092ba7c36407ed4
- SHA512: 7abd7a4be1136114d8bfe61ea88a91e011040caa5544e3a63ee71c139b17d264b475c4f49dc75865d2e97fa79b225b281dcea4aa431127b98ab55c15a193ba8a