Analysis
max time kernel: 142s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2024, 04:18
Behavioral task: behavioral1
Sample: 66ad4f7b33f5aea6647d1cc0da27fd18.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 66ad4f7b33f5aea6647d1cc0da27fd18.exe
Resource: win10v2004-20231215-en
General
Target: 66ad4f7b33f5aea6647d1cc0da27fd18.exe
Size: 5.8MB
MD5: 66ad4f7b33f5aea6647d1cc0da27fd18
SHA1: 53acfb37bd63c74ec54ca0ceb3cab16fcd62f53b
SHA256: 59144e903d61a6af4490dc5aa2391139deb81107b920d942bbdbb90612ac298f
SHA512: e66c38bb21988d964b43a9ae953e4bd4a2bcd01ba84d73339d998bd9a7c8a5cfdad2f82743d735c8595a93e1ea31ee1506a1ec0971cf840c3e7d248d3ea30dd3
SSDEEP: 98304:IS7ce29HUFRXJJOugg3gnl/IVUs1jePs/dnsmKaoR76Ugg3gnl/IVUs1jePs:Nm9g5gl/iBiPsn1g7Zgl/iBiP
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  3152  66ad4f7b33f5aea6647d1cc0da27fd18.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  3152  66ad4f7b33f5aea6647d1cc0da27fd18.exe
  resource                                                                     yara_rule
  behavioral2/memory/1952-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/files/0x000600000002321a-11.dat                                  upx
  behavioral2/memory/3152-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1952  66ad4f7b33f5aea6647d1cc0da27fd18.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1952  66ad4f7b33f5aea6647d1cc0da27fd18.exe
  3152  66ad4f7b33f5aea6647d1cc0da27fd18.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                               procid_target
  PID 1952 wrote to memory of 3152   1952  66ad4f7b33f5aea6647d1cc0da27fd18.exe  88
  PID 1952 wrote to memory of 3152   1952  66ad4f7b33f5aea6647d1cc0da27fd18.exe  88
  PID 1952 wrote to memory of 3152   1952  66ad4f7b33f5aea6647d1cc0da27fd18.exe  88
Processes
C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 1952
    C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 3152
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.0MB
MD5: 543eb01e1e4ce46a478d816a4e9faad1
SHA1: 33d2897bc8528a1a17280adfbc12d06e72642589
SHA256: d2b1dcd5ba9c3560478df32d4f14241d861b3bddeed674a3092b4e8722b52584
SHA512: f5991be298cce7708e5a8725df5fc9e96f9c7b04124a210d074af1b358cfdb731870fc294317f379cb4a8f43683acdf840a0a40a2f4263d293377969801d65e1