Analysis
- max time kernel: 148s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/01/2024, 05:56
Static task: static1
Behavioral task: behavioral1
  Sample: 7f0f5337ea9e44ebf7e93ff56299829d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7f0f5337ea9e44ebf7e93ff56299829d.exe
  Resource: win10v2004-20231215-en
General
- Target: 7f0f5337ea9e44ebf7e93ff56299829d.exe
- Size: 907KB
- MD5: 7f0f5337ea9e44ebf7e93ff56299829d
- SHA1: b1b613558c5ea295aff1eda08cbbc8316e1d365d
- SHA256: b2831fc5c60a9ba6b3a357fa02bd5c0ce9bed7dae7bbd052eac2a92fe621b48c
- SHA512: d8d55d87cd469b50c5bd696b49090b7486a28cbc44ac143ca0aa042945dc90678a4727312a1134d9ce8d5ce4fa920304cea86ee31e885ace3898a2e7f29b500c
- SSDEEP: 12288:ZCkv+Bh8eWFSY56tvc9O6S6U1O8emG5xAdhgJOH8nXcBYOFe0g02jVDa/ZS1:ZArcZ56tk9PS6tvNJOcYTFet00a/ZS1
Malware Config
Signatures
- Deletes itself (1 IoC)
  PID 2268, process 7f0f5337ea9e44ebf7e93ff56299829d.exe
- Executes dropped EXE (1 IoC)
  PID 2268, process 7f0f5337ea9e44ebf7e93ff56299829d.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 12: pastebin.com
  flow 13: pastebin.com
- Suspicious behavior: RenamesItself (1 IoC)
  PID 2752, process 7f0f5337ea9e44ebf7e93ff56299829d.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2752, process 7f0f5337ea9e44ebf7e93ff56299829d.exe
  PID 2268, process 7f0f5337ea9e44ebf7e93ff56299829d.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2752 wrote to memory of 2268 | 2752 | 7f0f5337ea9e44ebf7e93ff56299829d.exe | 85
  PID 2752 wrote to memory of 2268 | 2752 | 7f0f5337ea9e44ebf7e93ff56299829d.exe | 85
  PID 2752 wrote to memory of 2268 | 2752 | 7f0f5337ea9e44ebf7e93ff56299829d.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe (PID 2752)
  command line: "C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe (PID 2268, child of 2752)
    command line: C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
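The signature and process-tree sections above describe a single chain: PID 2752 renames its own on-disk image, launches a second copy of the same image as PID 2268, writes into that child's memory (WriteProcessMemory), and the child runs as a dropped EXE, deletes the original file and, during the run, pastebin.com is resolved. The block below is an added example, not part of the tria.ge report and not code from the sample: a small Python detector that replays constructed Sysmon-style events modelled on that chain and reports which of the report's behaviours each parent/child pair exhibited. The Sysmon event IDs and the PROCESS_VM_* access bits are real Windows/Sysmon values; the event dictionaries, the placeholder parent PID 1234 and the notepad "noise" events are constructed for the example. Only the two PIDs, the image path and the pastebin.com domain are taken from the report.

```python
"""Detector for the relaunch-and-write chain seen in this report.

Added example (not tria.ge code). Events below are constructed to mirror
the report's process tree; they are not captured telemetry.
"""
from collections import defaultdict

# Sysmon event IDs (real values).
EVT_PROCESS_CREATE = 1
EVT_PROCESS_ACCESS = 10
EVT_DNS_QUERY = 22
EVT_FILE_DELETE = 23

# Windows process access-mask bits a writer needs on the target (real values).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Domain the report lists under "Legitimate hosting services abused".
PASTE_SITES = {"pastebin.com"}

# Image path and PIDs from the report.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe"

# Constructed events: 2752 spawns 2268 from the same path, writes to it,
# the child deletes the image and resolves pastebin.com. PID 1234 is a
# placeholder parent; the notepad events are benign noise for contrast.
EVENTS = [
    {"id": EVT_PROCESS_CREATE, "pid": 2752, "ppid": 1234, "image": SAMPLE},
    {"id": EVT_PROCESS_CREATE, "pid": 2268, "ppid": 2752, "image": SAMPLE},
    {"id": EVT_PROCESS_ACCESS, "source_pid": 2752, "target_pid": 2268,
     "granted": WRITE_MASK | 0x0002},          # + PROCESS_CREATE_THREAD
    {"id": EVT_FILE_DELETE, "pid": 2268, "target": SAMPLE},
    {"id": EVT_DNS_QUERY, "pid": 2268, "query": "pastebin.com"},
    {"id": EVT_PROCESS_CREATE, "pid": 3000, "ppid": 1234,
     "image": r"C:\Windows\System32\notepad.exe"},
    {"id": EVT_PROCESS_ACCESS, "source_pid": 1234, "target_pid": 3000,
     "granted": 0x1000},                       # PROCESS_QUERY_LIMITED_INFORMATION only
]


def find_self_relaunch(events):
    """Return one finding per parent that spawned a copy of its own image.

    Each finding carries the list of report behaviours that were observed
    for that pair, so a partial match (e.g. relaunch without a memory
    write) is visible rather than silently dropped.
    """
    procs = {e["pid"]: e for e in events if e["id"] == EVT_PROCESS_CREATE}

    # (source, target) pairs where the source held write rights on the target.
    writes = {(e["source_pid"], e["target_pid"]) for e in events
              if e["id"] == EVT_PROCESS_ACCESS and e["granted"] & WRITE_MASK}

    deleted_by = defaultdict(set)   # lower-cased path -> PIDs that deleted it
    paste_dns = defaultdict(set)    # PID -> paste-site domains it resolved
    for e in events:
        if e["id"] == EVT_FILE_DELETE:
            deleted_by[e["target"].lower()].add(e["pid"])
        elif e["id"] == EVT_DNS_QUERY and e["query"].lower() in PASTE_SITES:
            paste_dns[e["pid"]].add(e["query"].lower())

    findings = []
    for child in procs.values():
        parent = procs.get(child["ppid"])
        if parent is None or parent["image"].lower() != child["image"].lower():
            continue
        tags = ["spawns copy of own image"]
        if (parent["pid"], child["pid"]) in writes:
            tags.append("parent writes to child memory")
        if child["pid"] in deleted_by[child["image"].lower()]:
            tags.append("child deletes original image")
        if paste_dns[child["pid"]]:
            tags.append("child resolves paste site")
        findings.append({"parent": parent["pid"], "child": child["pid"],
                         "image": child["image"], "tags": tags})
    return findings


if __name__ == "__main__":
    for f in find_self_relaunch(EVENTS):
        print(f"{f['parent']} -> {f['child']} {f['image']}")
        for t in f["tags"]:
            print("   ", t)
```

The detector keys on parent and child sharing an image path because that, combined with a memory write into the child, is what separates this chain from an ordinary updater or installer that re-executes itself. The noise events show that a process-access event without PROCESS_VM_WRITE or PROCESS_VM_OPERATION in the granted mask is not counted as a write.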
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 137KB
  MD5: 3d8fa8279355e4dac061039963582177
  SHA1: f2c9c3a7bf97a84152e8f077a0b59474c5757158
  SHA256: 075015a8b436ecf17a56caa44504fda98547610526a3b861d7ab83fccd5064a3
  SHA512: dfa6cf4b09ddbe89d082cca9d89ead747fe319cee5b1b15e6a25683c3ef5b43e07df2307fce33af1d69b9ed7a2e2949776f2eeb6d85f9124951090e9b4866a6b