Analysis
  max time kernel: 130s
  max time network: 123s
  platform: windows10-2004_x64
  resource: win10v2004-20231222-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 19/01/2024, 20:54
Behavioral task: behavioral1
  Sample: 689e19925254f332b99cc73ad05aae41.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 689e19925254f332b99cc73ad05aae41.exe
  Resource: win10v2004-20231222-en
General
  Target: 689e19925254f332b99cc73ad05aae41.exe
  Size: 1.5MB
  MD5: 689e19925254f332b99cc73ad05aae41
  SHA1: 4b3ce4fcd3dc8494f397a329bdc1e2b11a6c8ebb
  SHA256: e741c9948e787545a1de1268d1835813215aa69a603709b1c857e2b981379b5a
  SHA512: 73e07367d8f7b2e3367f3a22fad58c9daa3794e5f01f87d89d5f5076ae750a1ec32c0f34e2c5b45d0cbc323835d3ba62009e472a6710ace4fdab1282dbf9386f
  SSDEEP: 24576:TSHEii63fJ7VH0Sn8cDIFlBMVMKcI2Y/IKt5RuEJClrRAI5LAHMjBmkkW:2HEMffHkDZMVFaabaFAMAH5n
Malware Config
Signatures

  Deletes itself (1 IoCs)
    pid   Process
    2824  689e19925254f332b99cc73ad05aae41.exe

  Executes dropped EXE (1 IoCs)
    pid   Process
    2824  689e19925254f332b99cc73ad05aae41.exe

  UPX packed file (yara_rule: upx)
    resource
    behavioral2/memory/4972-0-0x0000000000400000-0x00000000008EF000-memory.dmp
    behavioral2/files/0x000400000001e630-11.dat
    behavioral2/memory/2824-14-0x0000000000400000-0x00000000008EF000-memory.dmp

  Suspicious behavior: RenamesItself (1 IoCs)
    pid   Process
    4972  689e19925254f332b99cc73ad05aae41.exe

  Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    4972  689e19925254f332b99cc73ad05aae41.exe
    2824  689e19925254f332b99cc73ad05aae41.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    description              pid   Process                               procid_target
    PID 4972 wrote to memory of 2824  4972  689e19925254f332b99cc73ad05aae41.exe  87
    PID 4972 wrote to memory of 2824  4972  689e19925254f332b99cc73ad05aae41.exe  87
    PID 4972 wrote to memory of 2824  4972  689e19925254f332b99cc73ad05aae41.exe  87
Processes

  1. C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe"
     PID: 4972
     - Suspicious behavior: RenamesItself
     - Suspicious use of UnmapMainImage
     - Suspicious use of WriteProcessMemory

     2. C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
        Command line: C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
        PID: 2824
        - Deletes itself
        - Executes dropped EXE
        - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 383KB
  MD5: 9a9e9b35ffa8cb172d935fb27671e190
  SHA1: 72539eb04297a3c9924bddfc5fb19f33a16938b3
  SHA256: 931c200ce3fda000e78f45a9d1b5ddf7235a1771c28706991e39936dccd1145d
  SHA512: 9ae69a91b0009d90bc1a4400bcbda6fad9bd5bf9a855e5312a9f1d68349b6a6b9b4773a4c1f2ddac0c9a1c3c33596bed4faeee5bfde003a7ae6d53d9ad552b6a