Analysis
max time kernel: 139s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/02/2024, 15:36
Behavioral task: behavioral1
Sample: 89e3c2f8356295b60460eff9511785df.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 89e3c2f8356295b60460eff9511785df.exe
Resource: win10v2004-20231215-en
General
Target: 89e3c2f8356295b60460eff9511785df.exe
Size: 5.3MB
MD5: 89e3c2f8356295b60460eff9511785df
SHA1: bed20d36520eee011c5d182684867f780bce3fbe
SHA256: 71610eaec0ee95d261d3442df7c6ef81b37f8b53227066b9367954ff3970f9ef
SHA512: 992c0788d0bd97ad4d8364c403f1f6eef4adffca5555781a237005983bd6fd85a7c6b6a607f2341562d9b92b6ba16194fe1ffedf521ed40f92d23b8ca5eb78f6
SSDEEP: 98304:b9H0pN4r8ViVXHQPQNcSaHy7To1XoBtfHBHQPQNcSaHj:ZH0pm8Vg7Nta/1itfHB7NtaD
Malware Config

Signatures

- Deletes itself (1 IoCs)
  pid | Process
  2288 | 89e3c2f8356295b60460eff9511785df.exe

- Executes dropped EXE (1 IoCs)
  pid | Process
  2288 | 89e3c2f8356295b60460eff9511785df.exe

- resource | yara_rule
  behavioral2/memory/1628-0-0x0000000000400000-0x00000000008E7000-memory.dmp | upx
  behavioral2/files/0x0007000000023136-11.dat | upx
  behavioral2/memory/2288-13-0x0000000000400000-0x00000000008E7000-memory.dmp | upx

- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  1628 | 89e3c2f8356295b60460eff9511785df.exe

- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  1628 | 89e3c2f8356295b60460eff9511785df.exe
  2288 | 89e3c2f8356295b60460eff9511785df.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1628 wrote to memory of 2288 | 1628 | 89e3c2f8356295b60460eff9511785df.exe | 84
  PID 1628 wrote to memory of 2288 | 1628 | 89e3c2f8356295b60460eff9511785df.exe | 84
  PID 1628 wrote to memory of 2288 | 1628 | 89e3c2f8356295b60460eff9511785df.exe | 84
Processes

1. C:\Users\Admin\AppData\Local\Temp\89e3c2f8356295b60460eff9511785df.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\89e3c2f8356295b60460eff9511785df.exe"
   PID: 1628
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\89e3c2f8356295b60460eff9511785df.exe (child of PID 1628)
      Command line: C:\Users\Admin\AppData\Local\Temp\89e3c2f8356295b60460eff9511785df.exe
      PID: 2288
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 4.8MB
MD5: 66169098b67a0b7af06abe4f9e7fba5a
SHA1: 286d8f2ac94926b8a22eda98bc74b5b4adbf771f
SHA256: 90c4732e7b30b3678b395e2b6779f3efda8af59389a5050449716a78805bf63b
SHA512: 3d66f7e43f4dae501457803e8b74993d553396ff9f98de4168c952667194e0cfbe0db405005eece8f4af8bc21fa3667632a1be5668618af3ed285486da687363