Analysis
- max time kernel: 144s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/01/2024, 03:42
Behavioral task: behavioral1
- Sample: 5a2f31e3a773d48036f8679580fb49f3.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 5a2f31e3a773d48036f8679580fb49f3.exe
- Resource: win10v2004-20231215-en
General
- Target: 5a2f31e3a773d48036f8679580fb49f3.exe
- Size: 2.9MB
- MD5: 5a2f31e3a773d48036f8679580fb49f3
- SHA1: d73bee7c465c480eb623ab439dfa05d5808f4e55
- SHA256: 2f0049d5f00318c3c1621fc94fc6bd2048d5a0b298bb5917afb61e644f40c473
- SHA512: 5db1da39b95553e3589275867dcdd44cefb9a7284019643a45a097d64f38cbb4da85a7a59b4fde5ef414374fe75b02fc618b49ff01c21b968064e14be23ef7ad
- SSDEEP: 49152:QcEuqR8kPm+ZNN5wgd7Vu+0OVCsKGi9s5K3P4M338dB2IBlGuuDVUsdxxjeQZwxs:QckR8ke+ZN/wge+0OCT/gg3gnl/IVUsn
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 532, process 5a2f31e3a773d48036f8679580fb49f3.exe
- Executes dropped EXE (1 IoCs)
  pid 532, process 5a2f31e3a773d48036f8679580fb49f3.exe
- YARA rule matches
  resource behavioral2/memory/3784-0-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule upx
  resource behavioral2/files/0x000d00000002315a-11.dat, yara_rule upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 3784, process 5a2f31e3a773d48036f8679580fb49f3.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3784, process 5a2f31e3a773d48036f8679580fb49f3.exe
  pid 532, process 5a2f31e3a773d48036f8679580fb49f3.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3784 wrote to memory of 532; pid 3784; process 5a2f31e3a773d48036f8679580fb49f3.exe; procid_target 87
  description: PID 3784 wrote to memory of 532; pid 3784; process 5a2f31e3a773d48036f8679580fb49f3.exe; procid_target 87
  description: PID 3784 wrote to memory of 532; pid 3784; process 5a2f31e3a773d48036f8679580fb49f3.exe; procid_target 87
Processes
1. C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe (command line: "C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe"), PID 3784
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe (command line: C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe), PID 532, child of PID 3784
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 65KB
- MD5: 1b47f4b61023d9e0845aef455c284111
- SHA1: 4bc4d2c2d585d0611f31aa7e5c00585eb409fe53
- SHA256: 6fcb5f5d53a80be9f0a253addae2d7a8683537e18379c27101f990ba2879211a
- SHA512: 7853ba868e50d3fde3ed0f90c9030eb66b917bfca50f60a6b68dbad66cab2fbbd0538e8c3b8b7701e510733b70d2b63aef2a5ca59c16d9d8f3fd6807f079d385