Analysis

max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/02/2024, 17:12
Behavioral task behavioral1
Sample: 8770301c32d8a0ea33c2a662ccfd4219.exe
Resource: win7-20231215-en

Behavioral task behavioral2
Sample: 8770301c32d8a0ea33c2a662ccfd4219.exe
Resource: win10v2004-20231215-en
General

Target: 8770301c32d8a0ea33c2a662ccfd4219.exe
Size: 1.3MB
MD5: 8770301c32d8a0ea33c2a662ccfd4219
SHA1: c08572dd9a5aa9de294e375c8c379da346fa1bc2
SHA256: a854400af11dd16232301e5c27fe74ccb795854087b681161858a30d6e1920d4
SHA512: fc423f6105cbe9964aa4b4af5d42d738a61079d48054bef65c292bb311ed9af70a0ae7e4ded51dbdea9e6106a885f5344e1b71d12038321e25fddd522b2673b4
SSDEEP: 24576:XxHBrhWoejJmKSnXFG60Avfe5mi6WaSi62duC8Qw1riKQYGQb+vG:BHBrOmKSnVxtfeci6ZufPriKQJ6
Malware Config

Signatures

Deletes itself (1 IoC)
pid: 2356  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe

Executes dropped EXE (1 IoC)
pid: 2356  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe

resource / yara_rule matches
resource: behavioral2/memory/3656-0-0x0000000000400000-0x000000000086A000-memory.dmp  yara_rule: upx
resource: behavioral2/files/0x0006000000023141-11.dat  yara_rule: upx
resource: behavioral2/memory/2356-14-0x0000000000400000-0x000000000086A000-memory.dmp  yara_rule: upx

Suspicious behavior: RenamesItself (1 IoC)
pid: 3656  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid: 3656  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe
pid: 2356  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 3656 wrote to memory of 2356  pid: 3656  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe  procid_target: 84
description: PID 3656 wrote to memory of 2356  pid: 3656  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe  procid_target: 84
description: PID 3656 wrote to memory of 2356  pid: 3656  Process: 8770301c32d8a0ea33c2a662ccfd4219.exe  procid_target: 84
Processes

C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe (depth 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID: 3656

  C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe (depth 2, child of PID 3656)
  Command line: C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID: 2356
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1.3MB
MD5: ab70665576f5a30627549d613dd2d88d
SHA1: bdd2ff10f7bf42c23056cfbe5b325493fcd807b9
SHA256: 571d583011dd4d4815e952992cf7e8fefeeffdfc1f28b6c797734222adc62e67
SHA512: b90927f711fddd937bd320e7502fd006295fdbaf3a0a8d3119616b7f37e7817208dc5e8c2a9bed475249c844283914be4f97abbd60ef5ee004e2b716930b1803