Analysis
max time kernel: 143s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/01/2024, 14:38
Behavioral task: behavioral1
Sample: 6fade2bc1082210a9eaef5d79ba01ad0.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 6fade2bc1082210a9eaef5d79ba01ad0.exe
Resource: win10v2004-20231215-en
General
Target: 6fade2bc1082210a9eaef5d79ba01ad0.exe
Size: 2.9MB
Signatures
Deletes itself: 1 IoCs
- pid 4944, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe
Executes dropped EXE: 1 IoCs
- pid 4944, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe
resource / yara_rule
- behavioral2/memory/4112-0-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
- behavioral2/files/0x0007000000023217-11.dat: upx
- behavioral2/memory/4944-13-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
Suspicious behavior: RenamesItself: 1 IoCs
- pid 4112, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe
Suspicious use of UnmapMainImage: 2 IoCs
- pid 4112, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe
- pid 4944, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe
Suspicious use of WriteProcessMemory: 3 IoCs
- PID 4112 wrote to memory of 4944 (pid 4112, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe, procid_target 85)
- PID 4112 wrote to memory of 4944 (pid 4112, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe, procid_target 85)
- PID 4112 wrote to memory of 4944 (pid 4112, Process 6fade2bc1082210a9eaef5d79ba01ad0.exe, procid_target 85)
Processes
C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe"
PID: 4112
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
  PID: 4944
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
Downloads
Filesize: 1.4MB