Analysis
max time kernel: 92s
max time network: 120s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 02/02/2024, 14:37
Behavioral task: behavioral1
Sample: 89c497d0127c669b86a52a5c6833b25c.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 89c497d0127c669b86a52a5c6833b25c.exe
Resource: win10v2004-20231215-en
General
Target: 89c497d0127c669b86a52a5c6833b25c.exe
Size: 5.3MB
MD5: 89c497d0127c669b86a52a5c6833b25c
SHA1: 642634f79cd2db7f0caab3d5786608ad85cee4c8
SHA256: fd58415e0d71d7cb35d07cd6739d51f6cb486c11c37067dd2fe549fb2e9f0df8
SHA512: 7bcd05a1a6525cc09f3d01a67081c05de60a93d8afee3a8847fd1025ce933ccd338fbaa9ddb19d2c888eacd2c5be996cf9ac5362476fd25b9b84b47b789565ca
SSDEEP: 98304:9TXID5b9tsHnH8Keka3IAwWyk9HvCocbnuXADG266fH8Keka3IAwWyk9Hj:xXIDp9advS9lPCoGuAi266fdvS9lD
Malware Config
Signatures
Deletes itself (1 IoCs)
    pid   Process
    3916  89c497d0127c669b86a52a5c6833b25c.exe
Executes dropped EXE (1 IoCs)
    pid   Process
    3916  89c497d0127c669b86a52a5c6833b25c.exe
    resource                                                              yara_rule
    behavioral2/memory/2408-0-0x0000000000400000-0x00000000008E7000-memory.dmp  upx
    behavioral2/files/0x00080000000231f4-11.dat                           upx
Suspicious behavior: RenamesItself (1 IoCs)
    pid   Process
    2408  89c497d0127c669b86a52a5c6833b25c.exe
Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    2408  89c497d0127c669b86a52a5c6833b25c.exe
    3916  89c497d0127c669b86a52a5c6833b25c.exe
Suspicious use of WriteProcessMemory (3 IoCs)
    description                      pid   Process                               procid_target
    PID 2408 wrote to memory of 3916 2408  89c497d0127c669b86a52a5c6833b25c.exe  84
    PID 2408 wrote to memory of 3916 2408  89c497d0127c669b86a52a5c6833b25c.exe  84
    PID 2408 wrote to memory of 3916 2408  89c497d0127c669b86a52a5c6833b25c.exe  84
Processes
1. C:\Users\Admin\AppData\Local\Temp\89c497d0127c669b86a52a5c6833b25c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\89c497d0127c669b86a52a5c6833b25c.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 2408
   2. C:\Users\Admin\AppData\Local\Temp\89c497d0127c669b86a52a5c6833b25c.exe (child of PID 2408)
      Command line: C:\Users\Admin\AppData\Local\Temp\89c497d0127c669b86a52a5c6833b25c.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 3916
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 174KB
MD5: 5aab74c4cda7d2b7b7d00400c443f928
SHA1: 684b2b06c2a48a8e5a90071141905ec31ddee20d
SHA256: 536c70f460f2fb58e6be5824a1d367556ff417caf14235675b3686d50d670d11
SHA512: eef5b6843f4f147e1ecceb3b38fdea552d47277727e54f5a4749962acc0f9178d80850b278a9d9a37e74698705390b2d873f3c96c1a19f3f004c278783ec3fe5