Analysis
max time kernel: 140s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/01/2024, 08:00
Behavioral tasks
behavioral1: sample 742820f33f3b6de66f1e732138ce00d0.exe, resource win7-20231215-en
behavioral2: sample 742820f33f3b6de66f1e732138ce00d0.exe, resource win10v2004-20231215-en
The Analysis block above describes the Windows 10 task, and the YARA hits listed under Signatures are tagged behavioral2; this page carries no per-task output for behavioral1.
General
Target: 742820f33f3b6de66f1e732138ce00d0.exe
Size: 2.7MB
MD5: 742820f33f3b6de66f1e732138ce00d0
SHA1: fa4ef2d54da09d56c269ef4eccf1e207effd9306
SHA256: 95e140969133375f014fc17a0075628f5e5a24e11159f6260501334bfee2f3e7
SHA512: cd46b850139a8fb057610f170e00df8e580c67e3d4046e901aa001a74076b6257c9c9583d2b846986c1e95c6b3215cd0ab51df69c05b48096d061247ce9b3899
SSDEEP: 49152:Zvt0+muWdb8IUFjQjTDDSHvv648r9fsHAJImSLMW:ZvQu0b8IUFsvSPv64i956mSLMW
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 4780  742820f33f3b6de66f1e732138ce00d0.exe
Executes dropped EXE (1 IoC)
  pid 4780  742820f33f3b6de66f1e732138ce00d0.exe
YARA rule upx matched (3 resources)
  behavioral2/memory/3204-0-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral2/files/0x0009000000022480-13.dat
  behavioral2/memory/4780-15-0x0000000000400000-0x000000000086A000-memory.dmp
  The rule fires on the main-image region of both processes (same 0x400000-0x86A000 range) and on the dropped file.
Suspicious behavior: RenamesItself (1 IoC)
  pid 3204  742820f33f3b6de66f1e732138ce00d0.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3204  742820f33f3b6de66f1e732138ce00d0.exe
  pid 4780  742820f33f3b6de66f1e732138ce00d0.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   process                                procid_target
  PID 3204 wrote to memory of 4780   3204  742820f33f3b6de66f1e732138ce00d0.exe   89
  The same parent-to-child write is recorded three times; all three entries are identical.
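The upx rule above matched the PE image range 0x400000-0x86A000 in both processes and the dropped file. A first manual check a practitioner would run on such a dump or file is to read the PE section table and the image range straight from the headers. The following is an added example (not tria.ge code and not part of the original report): a minimal PE header parser plus a constructed header-only PE32 fixture whose ImageBase and SizeOfImage are set to reproduce the report's 0x400000-0x86A000 range. Section names are an assumption-grade heuristic only; a packer or a hand edit can rename them, and the sandbox's own rule logic is not shown on the page.

```python
import struct

# Prefix UPX uses for its packed sections (UPX0, UPX1, ...). Heuristic only.
UPX_SECTION_PREFIX = "UPX"


def _pe_headers(data):
    """Locate COFF header, optional header and section table of an in-memory PE.

    Returns (coff_offset, number_of_sections, optional_header_offset,
    optional_header_size, section_table_offset).
    """
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    opt = coff + 20
    return coff, num_sections, opt, opt_size, opt + opt_size


def pe_section_names(data):
    """Return the NUL-trimmed section names in file order (40-byte entries)."""
    _, n, _, _, table = _pe_headers(data)
    names = []
    for i in range(n):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def pe_image_range(data):
    """Return (ImageBase, ImageBase + SizeOfImage) for PE32 or PE32+."""
    _, _, opt, _, _ = _pe_headers(data)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: 32-bit ImageBase at optional header +28
        (base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase at optional header +24
        (base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (size,) = struct.unpack_from("<I", data, opt + 56)           # SizeOfImage
    return base, base + size


def looks_upx_packed(data):
    """True if any section name carries the UPX prefix."""
    return any(n.startswith(UPX_SECTION_PREFIX) for n in pe_section_names(data))


def build_minimal_pe(section_names, image_base=0x400000, size_of_image=0x1000):
    """Constructed fixture: a header-only PE32 with the given section names."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    # Machine=i386, NumberOfSections, stamps/symbols=0, SizeOfOptionalHeader=0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    table = b"".join(
        struct.pack("<8s6I2HI", n.encode("ascii").ljust(8, b"\0"), *([0] * 9))
        for n in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed inputs: SizeOfImage chosen so the range matches the report's dumps.
UPX_FIXTURE = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], size_of_image=0x46A000)
PLAIN_FIXTURE = build_minimal_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, blob in (("upx-style", UPX_FIXTURE), ("plain", PLAIN_FIXTURE)):
        lo, hi = pe_image_range(blob)
        print(label, pe_section_names(blob), hex(lo), hex(hi), looks_upx_packed(blob))
```

Run it against the listed memory dumps or the .dat file by passing the file bytes to pe_section_names and pe_image_range. A process memory dump taken at the image base still begins with the PE headers, but its sections may already be unpacked in place, so a section-name match there says only that the header was not rewritten, not that the code is still compressed.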
Processes
1. C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe (PID 3204)
   command line: "C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe (PID 4780, child of 3204)
      command line: C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Both processes report the same image path. Since 3204 is flagged for renaming itself and 4780 for executing a dropped EXE, the file at that path when 4780 started need not be the submitted sample; the Downloads section lists a second 2.7MB file whose hashes differ from the sample's.
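The individual signatures above (RenamesItself, dropped EXE executed from the same path, WriteProcessMemory into the child, UnmapMainImage, Deletes itself) only become a story when correlated across the two PIDs. The block below is an added example, not tria.ge code, of that correlation over a constructed event stream modelled on the reported process tree (3204 to 4780). The event field names are this example's own rather than any tria.ge export schema; the rename destination (.bak), the parent of 3204, and the benign explorer/notepad control pair are invented so the control case has something to pass.

```python
from collections import defaultdict

# Constructed event stream modelled on the report's process tree.
# Field names, the ".bak" rename target and the 1000/1001 control pair are invented.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe"
EVENTS = [
    {"pid": 1000, "op": "process_start", "ppid": 0, "image": r"C:\Windows\explorer.exe"},
    {"pid": 1001, "op": "process_start", "ppid": 1000, "image": r"C:\Windows\notepad.exe"},
    {"pid": 3204, "op": "process_start", "ppid": 1000, "image": SAMPLE},
    {"pid": 3204, "op": "file_rename", "src": SAMPLE, "dst": SAMPLE + ".bak"},   # RenamesItself
    {"pid": 3204, "op": "file_write", "path": SAMPLE},                           # drops a file at its own path
    {"pid": 4780, "op": "process_start", "ppid": 3204, "image": SAMPLE},         # Executes dropped EXE
    {"pid": 3204, "op": "WriteProcessMemory", "target": 4780},                   # reported three times
    {"pid": 3204, "op": "WriteProcessMemory", "target": 4780},
    {"pid": 3204, "op": "WriteProcessMemory", "target": 4780},
    {"pid": 3204, "op": "UnmapMainImage"},
    {"pid": 4780, "op": "UnmapMainImage"},
    {"pid": 4780, "op": "file_delete", "path": SAMPLE + ".bak"},                 # Deletes itself
]


def correlate_self_replacement(events, min_indicators=3):
    """Group per-PID events into parent/child pairs and score a self-replacement chain.

    A pair is reported when at least `min_indicators` of the six indicators below hold.
    """
    image, parent = {}, {}
    renamed_to = {}                  # pid -> path its own image was renamed to
    dropped = defaultdict(set)       # pid -> file paths it wrote
    wrote_mem = defaultdict(set)     # pid -> pids it called WriteProcessMemory on
    unmapped = set()                 # pids that unmapped their main image
    deleted = defaultdict(set)       # pid -> file paths it deleted

    for ev in events:
        pid, op = ev["pid"], ev["op"]
        if op == "process_start":
            image[pid], parent[pid] = ev["image"], ev["ppid"]
        elif op == "file_rename" and ev["src"] == image.get(pid):
            renamed_to[pid] = ev["dst"]
        elif op == "file_write":
            dropped[pid].add(ev["path"])
        elif op == "WriteProcessMemory":
            wrote_mem[pid].add(ev["target"])
        elif op == "UnmapMainImage":
            unmapped.add(pid)
        elif op == "file_delete":
            deleted[pid].add(ev["path"])

    findings = []
    for child, ppid in parent.items():
        if ppid not in image:        # parent not observed starting; nothing to compare
            continue
        reasons = []
        if image[child] == image[ppid]:
            reasons.append("child runs from the parent's own image path")
        if image[child] in dropped[ppid]:
            reasons.append("parent wrote the file the child runs from (dropped EXE)")
        if ppid in renamed_to:
            reasons.append("parent renamed its own image")
        if child in wrote_mem[ppid]:
            reasons.append("parent wrote into child memory")
        if child in unmapped:
            reasons.append("child unmapped its main image")
        if renamed_to.get(ppid) in deleted[child] or image[ppid] in deleted[child]:
            reasons.append("child deleted the parent's original file")
        if len(reasons) >= min_indicators:
            findings.append({"parent": ppid, "child": child, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in correlate_self_replacement(EVENTS):
        print("%d -> %d:" % (f["parent"], f["child"]), "; ".join(f["reasons"]))
```

The three identical WriteProcessMemory records collapse into one set entry, so repetition in the sandbox output does not inflate the score. The threshold matters: same-image-path children and self-deletion also occur in legitimate updaters, so a single indicator should not raise a finding on its own.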
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB
MD5: 1a732bb2ca49df763fe970e30555b681
SHA1: ba08b3b4a485d10b8300bd2dab19439752c07ad3
SHA256: c7ccba6e1b7522ac34524e8bc819310767777b19ca4632280caedc100fa7ba70
SHA512: 3e973a5591f3d0fb5efe861c45c87273486f83852fe78b95116c04ac4d1c473a70c5c50b9625b8b52885201400bb8fcb483d4fd4e97166d409454fd974bd836e
This file has the same size as the submitted sample but different hashes, so it is a distinct artifact; pivot on its SHA256 separately from the sample's.