Analysis
- Max time kernel: 85s
- Max time network: 152s
- Platform: windows10-2004_x64
- Resource: win10v2004-20231215-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 18/01/2024, 20:08
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 65ec2fd57d26c57f00998518b2be50d4.exe
  - Resource: win7-20231215-en
- Behavioral task: behavioral2
  - Sample: 65ec2fd57d26c57f00998518b2be50d4.exe
  - Resource: win10v2004-20231215-en
General
- Target: 65ec2fd57d26c57f00998518b2be50d4.exe
- Size: 907KB
- MD5: 65ec2fd57d26c57f00998518b2be50d4
- SHA1: d66eb54a0031bdb9fbab4e01926ba7f799913cd6
- SHA256: 6bc0018e820e26dda5761444d986cd378b85e821f3ef3c16003a87a1581dceca
- SHA512: b72f155b8a44d5a602ed77b92213609acba7a5b36d34ae091989592c1b81b1ef9a7ad9e73c0fc1840338dd6617b4aaa96c08aeb320545eba51b2c096764d28c7
- SSDEEP: 12288:aCG6FygVH63C7bjfqfzB7VVVZYfkRP3YzOy1I+R8SwhjpSttqjIwXjqQSeQjVDaq:a2/2bB7l1cVRjw7StmTqi2a/ZS1
Malware Config
Signatures
- Deletes itself (1 IoC)
  PID 3592: 65ec2fd57d26c57f00998518b2be50d4.exe
- Executes dropped EXE (1 IoC)
  PID 3592: 65ec2fd57d26c57f00998518b2be50d4.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Suspicious behavior: RenamesItself (1 IoC)
  PID 2556: 65ec2fd57d26c57f00998518b2be50d4.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2556: 65ec2fd57d26c57f00998518b2be50d4.exe
  PID 3592: 65ec2fd57d26c57f00998518b2be50d4.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   process                               procid_target
  PID 2556 wrote to memory of 3592   2556  65ec2fd57d26c57f00998518b2be50d4.exe  87
  PID 2556 wrote to memory of 3592   2556  65ec2fd57d26c57f00998518b2be50d4.exe  87
  PID 2556 wrote to memory of 3592   2556  65ec2fd57d26c57f00998518b2be50d4.exe  87
Processes
- C:\Users\Admin\AppData\Local\Temp\65ec2fd57d26c57f00998518b2be50d4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\65ec2fd57d26c57f00998518b2be50d4.exe"
  PID: 2556
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\65ec2fd57d26c57f00998518b2be50d4.exe (child of PID 2556)
    Command line: C:\Users\Admin\AppData\Local\Temp\65ec2fd57d26c57f00998518b2be50d4.exe
    PID: 3592
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 907KB
  MD5: 7e87bd26d7859824a73bfc9743547b9b
  SHA1: 4494b21ed1dbfdfccd64398143de3e9f4ac09c24
  SHA256: 3c39773bab3016c83d57889b51a6652fa106b296f20c7532356c63293c3ba5eb
  SHA512: b24cc089fd640900851365a19e55bdc1524bcb1412c5bf6caa344849580760ff94f243a502d6769d79ac9e4274d96eb2226d4c94a08bbaca24fb700e656ade9c