Analysis
max time kernel: 140s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/01/2024, 02:29
Static task: static1
Behavioral task: behavioral1
  Sample: 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
  Resource: win10v2004-20231222-en
General
Target: 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
Size: 385KB
MD5: 7ea4dac4bbdbba6b1a5f3c71dc565a1d
SHA1: 338f23abe67944da5c35fe457a3d5bddb77e8116
SHA256: 7cbae27236ed1d9ab9bd4125ce469ffc36e8f462dd0f52e6135d9784f4922554
SHA512: 9a9799c3022e4d5dd2f31d2d6b985f71b1ccd39360365ecd7d6702a9150b7ab00c82e907040d3948cc322e242a7599dabe622df9416e0f08efc4b2567211cd92
SSDEEP: 12288:GcP8Pk3tCNkBkPI8osjpBW7kP3N+97ZKuCvnvHof0rPdOt1nltqyxmZkkp7NcmHw:G28Pk3tCCBkQ8osFB2kP3N+97EuCvnvc
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 3596  process 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
Executes dropped EXE (1 IoCs)
  pid 3596  process 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 3  ioc pastebin.com
  flow 4  ioc pastebin.com
Suspicious behavior: RenamesItself (1 IoCs)
  pid 3688  process 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3688  process 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
  pid 3596  process 7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   process                                   procid_target
  PID 3688 wrote to memory of 3596   3688  7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe      87
  PID 3688 wrote to memory of 3596   3688  7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe      87
  PID 3688 wrote to memory of 3596   3688  7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe      87
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe"
  PID: 3688
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Level 2: C:\Users\Admin\AppData\Local\Temp\7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
    command line: C:\Users\Admin\AppData\Local\Temp\7ea4dac4bbdbba6b1a5f3c71dc565a1d.exe
    PID: 3596
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: f52e8ff1ef42fd812a95fe3d3321d674
SHA1: 491443c4c81adad6c545937c2cc0f6d48793abcd
SHA256: c4cdb2cd3a09090238354ed258d5bda6b05b6bb5e6b000d17ee1cd9c787f5644
SHA512: d3efdf6f8e25e98169b3d9503e9b53ed7d68ea8fa499b1cc730011728ed1f4afebbc0e3ce03baa6197d12c0b5920671f54689387fadad3eb332454fcafecb706