Analysis
- max time kernel: 140s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/01/2024, 15:21
Behavioral task: behavioral1
- Sample: 6fc55a52c65710d459baad1bb4bf9f67.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 6fc55a52c65710d459baad1bb4bf9f67.exe
- Resource: win10v2004-20231215-en
General
- Target: 6fc55a52c65710d459baad1bb4bf9f67.exe
- Size: 2.7MB
- MD5: 6fc55a52c65710d459baad1bb4bf9f67
- SHA1: 8fd2f3ad14e6d841ff810f5de0af397cae6fcbac
- SHA256: 265610a14cd084430573f5b38836136eaa697a602acfdd38181f25e29805321d
- SHA512: 063ea6bc7f92ef1383787adbedf2bbef3e7e8cecd138062fec8546f933b899812fc237fa45181cdd57c247a2051101f5c93d415721fc1c22e55eeb60703d9b39
- SSDEEP: 49152:Sayd14Z+T5QWSnWJ7HYvbrFtv2LIR9mmp0oQipdAjXyt9/Z+38MBEuHgkNR9j:SF4QNAgorWLIHmmp0oFpoi3/b4EufHj
Malware Config
Signatures
All signature hits and dump resources below come from behavioral2 (the Windows 10 task).
- Deletes itself (1 IoC)
  pid 4740, Process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Executes dropped EXE (1 IoC)
  pid 4740, Process 6fc55a52c65710d459baad1bb4bf9f67.exe
- YARA rule matches (3 IoCs)
  resource behavioral2/memory/472-0-0x0000000000400000-0x00000000008E7000-memory.dmp, yara_rule upx
  resource behavioral2/files/0x00060000000231b7-12.dat, yara_rule upx
  resource behavioral2/memory/4740-14-0x0000000000400000-0x00000000008E7000-memory.dmp, yara_rule upx
  The upx rule hits the dropped file and the mapped image of both processes. Each dumped image spans 0x400000-0x8E7000, i.e. 0x4E7000 bytes (about 5.1 MB) in memory against a 2.7 MB file on disk, which is the usual footprint of a UPX-packed PE whose stub decompresses the payload in place; the memory dumps, not the on-disk file, are the sensible starting point for static analysis.
- Suspicious behavior: RenamesItself (1 IoC)
  pid 472, Process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 472, Process 6fc55a52c65710d459baad1bb4bf9f67.exe
  pid 4740, Process 6fc55a52c65710d459baad1bb4bf9f67.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 472 wrote to memory of 4740 | 472 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 81
  PID 472 wrote to memory of 4740 | 472 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 81
  PID 472 wrote to memory of 4740 | 472 | 6fc55a52c65710d459baad1bb4bf9f67.exe | 81
Processes
- Depth 1: "C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe"
  Image: C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
  PID: 472
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Depth 2 (child of PID 472): C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    Image: C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    PID: 4740
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Both processes run from the same image path in the user's Temp directory: the parent (472) carries the RenamesItself and WriteProcessMemory hits, the child (4740) the Executes dropped EXE and Deletes itself hits, and the WriteProcessMemory target of the parent is the child.
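The process tree and signatures above describe one pattern: a process in Temp renames its own image, launches a copy of itself from the same path, writes into the child's memory, and the child cleans up. The following is an added detection example, not Triage's signature code and not telemetry from this run. The event list is constructed in an assumed, Sysmon-like shape (the field names are my own schema); the PIDs and image path are taken from the report, while the renamed filename and the benign explorer/notepad pair are made up for contrast.

```python
import ntpath
from collections import defaultdict

# Constructed telemetry in an assumed, Sysmon-like shape (field names are my
# schema, not a product's). PIDs and the image path mirror the report's
# process tree; the renamed filename and the benign pair are made up.
IMAGE = r"C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe"
EVENTS = [
    {"type": "ProcessCreate", "pid": 472, "parent_pid": 1234, "image": IMAGE},
    # RenamesItself: the parent moves its own on-disk image aside.
    {"type": "FileRename", "pid": 472, "path": IMAGE,
     "new_path": r"C:\Users\Admin\AppData\Local\Temp\original.bak"},  # hypothetical name
    # Executes dropped EXE: a child launched from the same path as the parent.
    {"type": "ProcessCreate", "pid": 4740, "parent_pid": 472, "image": IMAGE},
    # WriteProcessMemory: three writes from parent into child, as the report lists.
    {"type": "ProcessMemoryWrite", "pid": 472, "target_pid": 4740},
    {"type": "ProcessMemoryWrite", "pid": 472, "target_pid": 4740},
    {"type": "ProcessMemoryWrite", "pid": 472, "target_pid": 4740},
    # Deletes itself: the child removes a file in its own image directory.
    {"type": "FileDelete", "pid": 4740,
     "path": r"C:\Users\Admin\AppData\Local\Temp\original.bak"},
    # Benign contrast: a shell starting a different image, no memory writes.
    {"type": "ProcessCreate", "pid": 900, "parent_pid": 1234, "image": r"C:\Windows\explorer.exe"},
    {"type": "ProcessCreate", "pid": 901, "parent_pid": 900,
     "image": r"C:\Windows\System32\notepad.exe"},
]


def _same_path(a, b):
    """Case-insensitive Windows path comparison that works on any host OS."""
    return a is not None and b is not None and ntpath.normcase(a) == ntpath.normcase(b)


def detect_self_relaunch(events):
    """Flag parent/child pairs where a process spawns a copy of its own image
    and then writes into that child's memory. A self-rename by the parent and
    a delete in the image directory by the child are recorded as extra
    indicators but are not required for a finding."""
    procs = {e["pid"]: e for e in events if e["type"] == "ProcessCreate"}
    writes = defaultdict(int)
    renamers = set()
    deletes = defaultdict(list)
    for e in events:
        if e["type"] == "ProcessMemoryWrite":
            writes[(e["pid"], e["target_pid"])] += 1
        elif e["type"] == "FileRename":
            proc = procs.get(e["pid"])
            if proc and _same_path(e["path"], proc["image"]):
                renamers.add(e["pid"])
        elif e["type"] == "FileDelete":
            deletes[e["pid"]].append(e["path"])

    findings = []
    for child in procs.values():
        parent = procs.get(child["parent_pid"])
        if parent is None or not _same_path(parent["image"], child["image"]):
            continue
        n_writes = writes.get((parent["pid"], child["pid"]), 0)
        if n_writes == 0:
            continue  # a plain self-respawn alone (updaters, elevation) is too noisy to alert on
        indicators = ["child_runs_parent_image", f"parent_memory_writes={n_writes}"]
        if parent["pid"] in renamers:
            indicators.append("parent_renamed_own_image")
        img_dir = ntpath.normcase(ntpath.dirname(child["image"]))
        if any(ntpath.normcase(ntpath.dirname(p)) == img_dir for p in deletes[child["pid"]]):
            indicators.append("child_deleted_file_in_image_dir")
        findings.append({"parent_pid": parent["pid"], "child_pid": child["pid"],
                         "image": child["image"], "indicators": indicators})
    return findings


if __name__ == "__main__":
    for f in detect_self_relaunch(EVENTS):
        print(f"{f['parent_pid']} -> {f['child_pid']} {f['image']}: {', '.join(f['indicators'])}")
```

The memory write is the gating condition on purpose: a process re-launching its own image is common in legitimate software, but a parent that also writes into that child's address space is the combination that makes this tree worth an alert; the rename and delete indicators raise confidence without being required.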
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 707KB
- MD5: d5fb1e64fdee584949243fdf5c773c89
- SHA1: a8161b1315e3d29e1c109df0ac6789d049f0b293
- SHA256: d1540fa1c04a9cdda43ec63c1aecec1d4ece5974e8f46ebbaa454fb3805d9d2d
- SHA512: ef1a673df80b0a62f1ef022b41da8e5781e6abbde138291193669de8dea98e82f9fbaf1fa0698bded9ff32cebac2307e8763409352e8fc76d704618be19a8976
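Before relying on the digests in the General and Downloads sections, a practitioner re-hashes the file in hand and checks it against the report, including the Triage convention visible above that the submitted sample is named after its MD5. The block below is an added verification helper, not Triage's code: it recomputes MD5, SHA1, SHA256 and SHA512 in one pass, reports every mismatch, and carries the report's digests as constants. The stand-in bytes in the `__main__` section are constructed, since the sample itself is not on this page.

```python
import hashlib
import ntpath

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """Compute all four digests over the data in one chunked pass."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    view = memoryview(data)
    for off in range(0, len(view), 1 << 20):  # chunked so large samples behave the same
        chunk = view[off:off + (1 << 20)]
        for h in hs.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hs.items()}


def verify(data, expected, filename=None):
    """Return a list of mismatch descriptions; an empty list means every
    reported digest matches and, if a filename is given, its stem is the MD5."""
    got = digests(data)
    problems = []
    for algo, want in expected.items():
        algo = algo.lower()
        if algo not in got:
            problems.append(f"unsupported algorithm {algo}")
        elif got[algo] != want.lower():
            problems.append(f"{algo}: report {want.lower()} != computed {got[algo]}")
    if filename is not None:
        stem = ntpath.splitext(ntpath.basename(filename))[0].lower()
        if stem != got["md5"]:
            problems.append(f"filename stem {stem} is not the MD5 {got['md5']}")
    return problems


def verify_file(path, expected, check_name=True):
    """Hash a file on disk and compare it with a report's digests."""
    with open(path, "rb") as f:
        data = f.read()
    return verify(data, expected, ntpath.basename(path) if check_name else None)


# Digests quoted from this report (General section: the submitted sample).
REPORTED_SAMPLE = {
    "md5": "6fc55a52c65710d459baad1bb4bf9f67",
    "sha1": "8fd2f3ad14e6d841ff810f5de0af397cae6fcbac",
    "sha256": "265610a14cd084430573f5b38836136eaa697a602acfdd38181f25e29805321d",
    "sha512": "063ea6bc7f92ef1383787adbedf2bbef3e7e8cecd138062fec8546f933b899812fc237fa45181cdd57c247a2051101f5c93d415721fc1c22e55eeb60703d9b39",
}

# Digests quoted from this report (Downloads section: the 707KB artifact, no filename given).
REPORTED_DOWNLOAD = {
    "md5": "d5fb1e64fdee584949243fdf5c773c89",
    "sha1": "a8161b1315e3d29e1c109df0ac6789d049f0b293",
    "sha256": "d1540fa1c04a9cdda43ec63c1aecec1d4ece5974e8f46ebbaa454fb3805d9d2d",
    "sha512": "ef1a673df80b0a62f1ef022b41da8e5781e6abbde138291193669de8dea98e82f9fbaf1fa0698bded9ff32cebac2307e8763409352e8fc76d704618be19a8976",
}

if __name__ == "__main__":
    # Constructed stand-in bytes; not the real sample.
    stand_in = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real PE"
    own = digests(stand_in)
    print(verify(stand_in, own, own["md5"] + ".exe"))           # matches itself: []
    print(verify(stand_in, REPORTED_SAMPLE, "6fc55a52c65710d459baad1bb4bf9f67.exe"))  # five problems
    # With the real files: verify_file("6fc55a52c65710d459baad1bb4bf9f67.exe", REPORTED_SAMPLE)
    #                      verify_file("download.bin", REPORTED_DOWNLOAD, check_name=False)
```

Use `check_name=False` for the Downloads artifact: the report gives no filename for it, so only the four digests can be checked.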