Analysis
- max time kernel: 140s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/02/2024, 07:07
Behavioral task: behavioral1
- Sample: 88e08d2ea65b67e0887fbc3cd528a675.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 88e08d2ea65b67e0887fbc3cd528a675.exe
- Resource: win10v2004-20231215-en
General
- Target: 88e08d2ea65b67e0887fbc3cd528a675.exe
- Size: 4.4MB
- MD5: 88e08d2ea65b67e0887fbc3cd528a675
- SHA1: c122e9c54aff1bc53b123161ec0c068ab2de8434
- SHA256: c48966c086bd96f08086b25818b02275aec8c65623526ea4b0aabf79b527f8e7
- SHA512: 219fa35aca7d935497d1489fd30133e04e92b5f8fb032a174e135f74d0ca8d42a7fc7c708a408094efa54f5ebf75829aa3b253811f5fef45f818325b827b9c2f
- SSDEEP: 98304:+BPyrSVIqI+zH4HBUCcqFp1HK3UT4NT4HBUCcg:+ZyrSG+0WC/f1q3ULWCX
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  3372  88e08d2ea65b67e0887fbc3cd528a675.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  3372  88e08d2ea65b67e0887fbc3cd528a675.exe
- YARA rule matches
  resource                                                                      yara_rule
  behavioral2/memory/1628-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
  behavioral2/files/0x0007000000023136-11.dat                                   upx
  behavioral2/memory/3372-13-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1628  88e08d2ea65b67e0887fbc3cd528a675.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1628  88e08d2ea65b67e0887fbc3cd528a675.exe
  3372  88e08d2ea65b67e0887fbc3cd528a675.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid   Process                                procid_target
  PID 1628 wrote to memory of 3372 1628  88e08d2ea65b67e0887fbc3cd528a675.exe   84
  PID 1628 wrote to memory of 3372 1628  88e08d2ea65b67e0887fbc3cd528a675.exe   84
  PID 1628 wrote to memory of 3372 1628  88e08d2ea65b67e0887fbc3cd528a675.exe   84
Processes
- Level 1: C:\Users\Admin\AppData\Local\Temp\88e08d2ea65b67e0887fbc3cd528a675.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\88e08d2ea65b67e0887fbc3cd528a675.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 1628
  - Level 2: C:\Users\Admin\AppData\Local\Temp\88e08d2ea65b67e0887fbc3cd528a675.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\88e08d2ea65b67e0887fbc3cd528a675.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 3372
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3.0MB
  MD5: 6682ce0e3ab05270116ac84273b34d4e
  SHA1: f3a5609cd343a8a9fd66d50aa83eebef5d38d6bb
  SHA256: c74943f4431181123f1ca0c30c7a4ec56d14de9c0a1b569594b412d55377fedf
  SHA512: 9c255e5e48aa3b91f291fa71cd9b8b594ee4737265823485047d28d9fb960dff8921885c209122be59d806fbb2f5bb90f6de8f0696c45a745ed1bb7e0560ecc9