Analysis
-
max time kernel
143s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
18/01/2024, 19:16
Behavioral task
behavioral1
Sample
65d3313b58943b9e7c1071c0e0c786fb.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
65d3313b58943b9e7c1071c0e0c786fb.exe
Resource
win10v2004-20231215-en
General
-
Target
65d3313b58943b9e7c1071c0e0c786fb.exe
-
Size
2.9MB
-
MD5
65d3313b58943b9e7c1071c0e0c786fb
-
SHA1
4396985926450e7c8a048d4505e9cd8a705f1da8
-
SHA256
7673c5f6768f9b4ddfac595a336c498473acfd669f79212f8a8a1b0b40c40ec8
-
SHA512
793576375de8e1ac29bd7cbfbcc39b461272a81efe4881bbce411fcc150435ec41b0f2881c7bb0088a45a58b1d755dfe3aa4464ec45b3fac8eae2aa58f9db72d
-
SSDEEP
49152:v1x6MdL8lMOalTq9loeSPfDggkFypIegnBW1Ih6a7m2Ya2xn+95xy+xrKrdHWqPQ:v1x6MdLoMd+LwUFFypNIh6iRYzxn+cEP
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
2964 65d3313b58943b9e7c1071c0e0c786fb.exe
-
Executes dropped EXE 1 IoCs
pid Process
2964 65d3313b58943b9e7c1071c0e0c786fb.exe
-
UPX packed file 3 IoCs
resource yara_rule
behavioral2/memory/1752-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x000600000002320c-12.dat upx
behavioral2/memory/2964-14-0x0000000000400000-0x00000000008EF000-memory.dmp upx
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process
1752 65d3313b58943b9e7c1071c0e0c786fb.exe
-
Suspicious use of UnmapMainImage 2 IoCs
pid Process
1752 65d3313b58943b9e7c1071c0e0c786fb.exe
2964 65d3313b58943b9e7c1071c0e0c786fb.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 1752 wrote to memory of 2964 1752 65d3313b58943b9e7c1071c0e0c786fb.exe 86
PID 1752 wrote to memory of 2964 1752 65d3313b58943b9e7c1071c0e0c786fb.exe 86
PID 1752 wrote to memory of 2964 1752 65d3313b58943b9e7c1071c0e0c786fb.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe
"C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1752
-
C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe
C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2964
-
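The signatures above are flattened table rows, and the interesting fact only appears when they are read together: PID 1752 writes into PID 2964, both run from the same image path, and the child is the one flagged with "Deletes itself". The script below is an added example, not tria.ge's own code or tooling; it correlates the report's WriteProcessMemory rows with the process tree and labels the pattern. The input strings are transcribed from this page; the function names, the PROCESSES structure and the finding labels are assumptions made for the illustration.

```python
"""Correlate flattened sandbox signature rows with the process tree and
label cross-process writes.

Added example, not tria.ge's own code. WRITE_ROWS and PROCESSES are
transcribed from the report on this page; the function names and the
finding labels are assumptions made for this illustration.
"""
import re
from collections import defaultdict

# Transcribed from "Suspicious use of WriteProcessMemory": one table row per
# line, columns description / pid / Process / procid_target.
WRITE_ROWS = """\
PID 1752 wrote to memory of 2964 1752 65d3313b58943b9e7c1071c0e0c786fb.exe 86
PID 1752 wrote to memory of 2964 1752 65d3313b58943b9e7c1071c0e0c786fb.exe 86
PID 1752 wrote to memory of 2964 1752 65d3313b58943b9e7c1071c0e0c786fb.exe 86
"""

# Transcribed from the Processes section: image path and per-process signatures.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe"
PROCESSES = {
    1752: {"path": SAMPLE_PATH,
           "sigs": {"RenamesItself", "UnmapMainImage", "WriteProcessMemory"}},
    2964: {"path": SAMPLE_PATH,
           "sigs": {"Deletes itself", "Executes dropped EXE", "UnmapMainImage"}},
}

WRITE_ROW = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target>\d+)$"
)


def parse_write_rows(text):
    """Return {(writer_pid, target_pid): row_count}.

    The pid column must repeat the writer pid from the description; a row
    where it does not is treated as malformed and skipped rather than trusted.
    """
    edges = defaultdict(int)
    for line in text.splitlines():
        m = WRITE_ROW.match(line.strip())
        if not m or m.group("pid") != m.group("src"):
            continue
        edges[(int(m.group("src")), int(m.group("dst")))] += 1
    return dict(edges)


def classify_writes(processes, edges):
    """Label every cross-process write using the process tree.

    self_copy_and_delete: writer and target run from the same image path and
        the target deletes itself, i.e. the sample relaunched a copy of itself
        and removed the original (the pattern in this report).
    same_image_write: same image path, but no self-deletion on the target.
    cross_image_write: the target is a different executable (generic injection).
    unknown_process: a pid that is not in the process tree at all.
    """
    findings = []
    for (src, dst), count in edges.items():
        writer, target = processes.get(src), processes.get(dst)
        if writer is None or target is None:
            findings.append({"writer": src, "target": dst, "writes": count,
                             "label": "unknown_process"})
            continue
        same_image = writer["path"].lower() == target["path"].lower()
        if same_image and "Deletes itself" in target["sigs"]:
            label = "self_copy_and_delete"
        elif same_image:
            label = "same_image_write"
        else:
            label = "cross_image_write"
        findings.append({"writer": src, "target": dst, "writes": count, "label": label})
    return findings


def summarize(processes=PROCESSES, rows=WRITE_ROWS):
    """One line per finding, in the order the writes were seen."""
    return [f"{f['writer']} -> {f['target']} ({f['writes']} writes): {f['label']}"
            for f in classify_writes(processes, parse_write_rows(rows))]


if __name__ == "__main__":
    print("\n".join(summarize()))
```

The labels are a heuristic over what the report rows state, not over what was written: the rows record that three writes from 1752 landed in 2964, not their contents. To confirm what the parent placed in the child, compare the two memory dumps the UPX rule matched (behavioral2/memory/1752-0-... and behavioral2/memory/2964-14-...), which cover the same 0x400000-0x8EF000 range in both processes.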
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
393KB
MD5 e888ccea6ca042760a2310f473738cd6
SHA1 cd79b287f225f0c9b7f2c39bf7bc12f58a0ba9f1
SHA256 fc7f9cb5633ab4092b7a0b8fb62cf2f47937c6402abe298488c6fc1a5a9277df
SHA512 36e81a1260bc564e65cf370e9a4819892948da28696b312be8968515e1598b2bb2fa74c0f7bf48c70dfa39822e895a1323343d2073cdc79c7a8846987ce63cb0