Analysis
- max time kernel: 144s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/02/2024, 22:46
Static task: static1
Behavioral task: behavioral1
- Sample: 87dcc310be1ecec878cd3a63448c6225.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 87dcc310be1ecec878cd3a63448c6225.exe
- Resource: win10v2004-20231222-en
General
- Target: 87dcc310be1ecec878cd3a63448c6225.exe
- Size: 385KB
- MD5: 87dcc310be1ecec878cd3a63448c6225
- SHA1: fab10799cd91ea3e6d26f70ce576cc7cd7f82f54
- SHA256: f56fdc71f367895ecec4574ba2632c3852455a9a9c1229daae84e650bc9da779
- SHA512: d8c49cb998db0af5463c990472d121d05d6f46ef10eac782c57f9fcbb229d1e50256715d1779f2d392a396cb40bbf319383558f19549b1e0d3479775facc0dd8
- SSDEEP: 6144:OslY0Y5WLLPg6IJ+PycfSHzfMOPTkR0B1K4BUuqoCVqMT7k+bKOCRx3R/B:s0pLLhI069wR0Bw4GuqoCQMT71L+xh/B
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid  | Process
  964  | 87dcc310be1ecec878cd3a63448c6225.exe
- Executes dropped EXE (1 IoCs)
  pid  | Process
  964  | 87dcc310be1ecec878cd3a63448c6225.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow | ioc
  6    | pastebin.com
  7    | pastebin.com
- Suspicious behavior: RenamesItself (1 IoCs)
  pid  | Process
  2480 | 87dcc310be1ecec878cd3a63448c6225.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid  | Process
  2480 | 87dcc310be1ecec878cd3a63448c6225.exe
  964  | 87dcc310be1ecec878cd3a63448c6225.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process                              | procid_target
  PID 2480 wrote to memory of 964  | 2480 | 87dcc310be1ecec878cd3a63448c6225.exe | 85
  PID 2480 wrote to memory of 964  | 2480 | 87dcc310be1ecec878cd3a63448c6225.exe | 85
  PID 2480 wrote to memory of 964  | 2480 | 87dcc310be1ecec878cd3a63448c6225.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\87dcc310be1ecec878cd3a63448c6225.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\87dcc310be1ecec878cd3a63448c6225.exe"
  PID: 2480
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\87dcc310be1ecec878cd3a63448c6225.exe (depth 2, child of PID 2480)
    command line: C:\Users\Admin\AppData\Local\Temp\87dcc310be1ecec878cd3a63448c6225.exe
    PID: 964
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 295KB
  MD5: 14161f4c8673bd023d5dee151ba767a0
  SHA1: e409276379f0bf690df494f5b509c22f368c8952
  SHA256: 6c2461875ec0c1798dfa82ed9de0b61ba30b0eef097e93a36cfbea416e249c38
  SHA512: 266a7fc7174b4a69855ab348a77cfeb462816eaf35a3573bc0163a171bd95a15af1890cea6fcab613b80e4d539acd4b1b022e23200855d2e24f8048923c842fe