Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 134s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/01/2024, 00:46
Behavioral task: behavioral1
- Sample: 578aa29e426d3ae376f524ef47e90430.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 578aa29e426d3ae376f524ef47e90430.exe
- Resource: win10v2004-20231215-en
General
- Target: 578aa29e426d3ae376f524ef47e90430.exe
- Size: 1.6MB
- MD5: 578aa29e426d3ae376f524ef47e90430
- SHA1: 699a15a716e31912891bf9831864e1a0a7b5a541
- SHA256: 424d256feb47111e694ca7d64c052406e8309cd4abfc916a3f6fe671d3cd1c30
- SHA512: 45df8360029e9884681dd0dcb9b9715394c2e15ab2632ce398af7263c0dad8719bc604466f6ffc1db716e2bfce220a5ad1639c4af24a89e6874cbcdda411afe6
- SSDEEP: 24576:vFuVCIqyWhRg8GVUNVvxHAlDq6WFbPKGuvt2kTzfaZ49LyNOw87V3f5SBiWWI0td:vFuVUhnhXxLvRusAw2QsWP4d
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 4460, Process 578aa29e426d3ae376f524ef47e90430.exe
- Executes dropped EXE (1 IoCs)
  pid 4460, Process 578aa29e426d3ae376f524ef47e90430.exe
- YARA rule matches (resource, yara_rule)
  behavioral2/memory/4448-0-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
  behavioral2/files/0x000400000001e96f-11.dat, upx
  behavioral2/memory/4460-14-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4448, Process 578aa29e426d3ae376f524ef47e90430.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4448, Process 578aa29e426d3ae376f524ef47e90430.exe
  pid 4460, Process 578aa29e426d3ae376f524ef47e90430.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4448 wrote to memory of 4460; pid 4448; Process 578aa29e426d3ae376f524ef47e90430.exe; procid_target 88
  description: PID 4448 wrote to memory of 4460; pid 4448; Process 578aa29e426d3ae376f524ef47e90430.exe; procid_target 88
  description: PID 4448 wrote to memory of 4460; pid 4448; Process 578aa29e426d3ae376f524ef47e90430.exe; procid_target 88
Processes
- C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe (PID:4448)
  Command line: "C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe (PID:4460)
    Command line: C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 678KB
  MD5: 43eddbdaaf85ebd807565d1964a79211
  SHA1: 519a1f7c3ca96e682cdf6c722652eb07c143f1b9
  SHA256: c58d69b57465c6090d55aca2bb684415ddf2c35e6d16a61698f14e2ce5244d23
  SHA512: 37c572aa72670147d9a8be584a8d4a8f3283cca01040eae5f218e57941c5b8cd1dd4f535560c029ae31a7fd44efaa6214ca9caddd8e118bd6c44a52da220d25f