Analysis
- max time kernel: 129s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/02/2024, 03:50
Behavioral task: behavioral1
- Sample: 8879fdbfc9bc619b562119dcd86523d7.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 8879fdbfc9bc619b562119dcd86523d7.exe
- Resource: win10v2004-20231215-en
General
- Target: 8879fdbfc9bc619b562119dcd86523d7.exe
- Size: 5.8MB
- MD5: 8879fdbfc9bc619b562119dcd86523d7
- SHA1: 9b2aa75c5d66446dc686ca4604cdc05429001f34
- SHA256: 88a4c2abc81f7556f21736b7c96ce8001985774d804d699fc20f1231052b52d1
- SHA512: 5878b53b034e56dab40825bc4286a817501a19c25995bea4b2768397bdb70edb4b39e1d22087561ddf81fda6f48b76ff20aa241d839ead90a97dd96cb7bd33d2
- SSDEEP: 98304:7X/LYYZ8oONHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:o6Opauq1jI86FA7y2auq1jI86
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 228 | Process 8879fdbfc9bc619b562119dcd86523d7.exe
- Executes dropped EXE (1 IoCs)
  pid 228 | Process 8879fdbfc9bc619b562119dcd86523d7.exe
- (signature title not present on the page)
  resource behavioral2/memory/4640-0-0x0000000000400000-0x00000000008EF000-memory.dmp | yara_rule upx
  resource behavioral2/files/0x000d000000023167-11.dat | yara_rule upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4640 | Process 8879fdbfc9bc619b562119dcd86523d7.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4640 | Process 8879fdbfc9bc619b562119dcd86523d7.exe
  pid 228 | Process 8879fdbfc9bc619b562119dcd86523d7.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4640 wrote to memory of 228 | pid 4640 | Process 8879fdbfc9bc619b562119dcd86523d7.exe | procid_target 84
  description: PID 4640 wrote to memory of 228 | pid 4640 | Process 8879fdbfc9bc619b562119dcd86523d7.exe | procid_target 84
  description: PID 4640 wrote to memory of 228 | pid 4640 | Process 8879fdbfc9bc619b562119dcd86523d7.exe | procid_target 84
Processes
- C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe (PID 4640)
  Command line: "C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe (PID 228, child of 4640)
    Command line: C:\Users\Admin\AppData\Local\Temp\8879fdbfc9bc619b562119dcd86523d7.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 124KB
- MD5: 4d64ef6bf1ff1e8b1ecdc67d006dbc6e
- SHA1: 1a4ccb9d4f24b51741fae2cd8dce8ae59d230366
- SHA256: 4bafe90af24cd1abf67cf26fe719e4ba20345f5c5205e7b27b51ef484514907f
- SHA512: 7af0020c0f23737daff90f6d912ae8cc097067025d1a3720eda6309c49f4b05d5eabe1d304b2f5f7079518091f7f798eda80fd3c53c852e5e08f5a2b0218412e