Analysis
  max time kernel:  92s
  max time network: 121s
  platform:         windows10-2004_x64
  resource:         win10v2004-20231222-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        01/02/2024, 10:45
Behavioral task: behavioral1
  Sample:   86b1aeb8274105ab2ada325f23857d32.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample:   86b1aeb8274105ab2ada325f23857d32.exe
  Resource: win10v2004-20231222-en
General
  Target: 86b1aeb8274105ab2ada325f23857d32.exe
  Size:   1.3MB
  MD5:    86b1aeb8274105ab2ada325f23857d32
  SHA1:   15f1d9731e894055a7c833e6566d6aab11a83761
  SHA256: 106d44053f992d84c548e2641826c458434f70b8a0810e1405f2c693bb9c6985
  SHA512: 1623538854f9a51eca11383c518933ebec05b29d8276aa7a522ee9616cbd6d073fc3bb47e4c1f075bcfcf8933560c7dd5c1155e11641ddeeb268445042e454c8
  SSDEEP: 24576:scf6odiivL2iXtiUZDS3uPB7NFqEmq0Zojs0tosoRGUfBlkMYNs5mzx7U9/9Us:hTvqiXUUoePhNh5tAGUkMYUm14R9j
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2884  86b1aeb8274105ab2ada325f23857d32.exe

Executes dropped EXE (1 IoCs)
  pid   Process
  2884  86b1aeb8274105ab2ada325f23857d32.exe

  resource                                                                     yara_rule
  behavioral2/memory/1528-0-0x0000000000400000-0x00000000008E7000-memory.dmp   upx
  behavioral2/files/0x00070000000231f2-11.dat                                  upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1528  86b1aeb8274105ab2ada325f23857d32.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1528  86b1aeb8274105ab2ada325f23857d32.exe
  2884  86b1aeb8274105ab2ada325f23857d32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                procid_target
  PID 1528 wrote to memory of 2884   1528  86b1aeb8274105ab2ada325f23857d32.exe   84
  PID 1528 wrote to memory of 2884   1528  86b1aeb8274105ab2ada325f23857d32.exe   84
  PID 1528 wrote to memory of 2884   1528  86b1aeb8274105ab2ada325f23857d32.exe   84
Processes
  C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe  (PID 1528)
    command line: "C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe"
    - Suspicious behavior: RenamesItself
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
      C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe  (PID 2884)
        command line: C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe
        - Deletes itself
        - Executes dropped EXE
        - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 43KB
  MD5:      df4b6821fb7c36e0bd4aa584e6eaf252
  SHA1:     e6695839127e7245fbf60aee93104ffe3c48830c
  SHA256:   1bc593641f54b8acbf2d80333e7fe2d5eece844b891071acfd5e7e6531a947b5
  SHA512:   50b6474de1f0ef22ed5ce51f704306b8c254d777d3fe9c01f79c2012f3cc5861d85404683dca70cc2551dc3023cabf287f471a13fda52c33c7829dcc148cda61