Analysis
Max time kernel: 139s
Max time network: 147s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 27/01/2024, 04:30
Behavioral task: behavioral1
  Sample: 794851c931a595c4b038040d100c0627.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 794851c931a595c4b038040d100c0627.exe
  Resource: win10v2004-20231215-en
General
Target: 794851c931a595c4b038040d100c0627.exe
Size: 1.5MB
MD5: 794851c931a595c4b038040d100c0627
SHA1: 9b41adde021664a8b20968710aea10f4e40eed13
SHA256: 9da8b382fe7e49ead631fa4ac436947b68f4b4d948fd267456e87a62f1fe53aa
SHA512: 229dcbb0420768a25725bd6e8b30c4c1ff0d27fbbbd230a2310770f309712c43191ec58e594fbfd5f9cf159e58309df01db4bcb6a5eac84b4ce6182b0653f4d8
SSDEEP: 24576:3Xa7DtdoAK7hyBLTeuX9/ILsQVlzIt/fDyG/Yv4sIgA4BWxHxF7fW:na3tOz7MBLT0tl0tzxwvVIgkHHf
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 4284  process 794851c931a595c4b038040d100c0627.exe
Executes dropped EXE (1 IoCs)
  pid 4284  process 794851c931a595c4b038040d100c0627.exe
YARA rule matches (resource / yara_rule)
  behavioral2/memory/2412-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x000f000000023124-11.dat  upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid 2412  process 794851c931a595c4b038040d100c0627.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2412  process 794851c931a595c4b038040d100c0627.exe
  pid 4284  process 794851c931a595c4b038040d100c0627.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2412 wrote to memory of 4284  pid 2412  process 794851c931a595c4b038040d100c0627.exe  procid_target 86
  description: PID 2412 wrote to memory of 4284  pid 2412  process 794851c931a595c4b038040d100c0627.exe  procid_target 86
  description: PID 2412 wrote to memory of 4284  pid 2412  process 794851c931a595c4b038040d100c0627.exe  procid_target 86
Processes
C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe"
  PID: 2412
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe
      PID: 4284
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 122KB
MD5: b7f95f9817f874a5e68e70b23f8e0140
SHA1: 210e77ec1da9677e1f7333604597d6276a62fae8
SHA256: 5e8990198c3c67ae5f72451d12cf8428b5839793ec53b9b37db80340ef41c6cd
SHA512: 9ad7f6a9a4fe5c1e0054cef3830f49a25b88817bf276a017bca1c854646c1136a70999e635d99ce98b2b19e67a170caa70fae73b24670fc0324d80b235d5d038