Analysis
- max time kernel: 91s
- max time network: 122s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/02/2024, 23:38
Behavioral task
behavioral1
Sample
87f6f5ab879c7e22325ca49906021d8e.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
87f6f5ab879c7e22325ca49906021d8e.exe
Resource
win10v2004-20231215-en
General
- Target: 87f6f5ab879c7e22325ca49906021d8e.exe
- Size: 1.5MB
- MD5: 87f6f5ab879c7e22325ca49906021d8e
- SHA1: 60f5729d9ea64f5ee1661bfd23f0655076355692
- SHA256: 7c16ae285279204748a77384b5cd59af0eb7c18f41196455325feba61726f304
- SHA512: 260ad0b2a132e0be97917e11a7b5a266ad33b24aae5c9630aa22e00d4c3512d16ccef60a085e1b3b15b9cbbf2437083545513a341d5993e9d3816f24d40fc276
- SSDEEP: 24576:7aYuH1ZryqvJq5ane4J5nTJ37uVwGNIuvHKf+08SF9XcBQYzKIioVLf26W:mYuH/ryqvfne4J51uTN10+01YGbWLl
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 3932, Process: 87f6f5ab879c7e22325ca49906021d8e.exe
- Executes dropped EXE (1 IoCs)
  pid: 3932, Process: 87f6f5ab879c7e22325ca49906021d8e.exe
- resource | yara_rule
  behavioral2/memory/3932-14-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  behavioral2/files/0x0008000000023225-11.dat | upx
  behavioral2/memory/2144-0-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 2144, Process: 87f6f5ab879c7e22325ca49906021d8e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2144, Process: 87f6f5ab879c7e22325ca49906021d8e.exe
  pid: 3932, Process: 87f6f5ab879c7e22325ca49906021d8e.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2144 wrote to memory of 3932 | 2144 | 87f6f5ab879c7e22325ca49906021d8e.exe | 18
  PID 2144 wrote to memory of 3932 | 2144 | 87f6f5ab879c7e22325ca49906021d8e.exe | 18
  PID 2144 wrote to memory of 3932 | 2144 | 87f6f5ab879c7e22325ca49906021d8e.exe | 18
Processes
- C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
  "C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe"
  PID: 2144
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
    C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
    PID: 3932
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 376KB
- MD5: c02fa77d68e421ea3091e904c5c1b4e5
- SHA1: 24159c20ef918ac35342394ddf9abad655d21bf4
- SHA256: bc41c8ac92124b7332e0cfd09a5a6d62ec325ddbf6ded6360961c810b78176ba
- SHA512: 5778cb0af27ebc636e8f5a2eca300b395ced27a912761fbaa0d8c13cd1e552f85ebd255c2c4c9f4a5eccff9ac79e270ba737a424357ac0d28643610e09eca751