Analysis
max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/02/2024, 08:42
Behavioral task behavioral1
Sample: 8be5333aaed8bd221340e52353b14f81.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 8be5333aaed8bd221340e52353b14f81.exe
Resource: win10v2004-20231222-en
General
Target: 8be5333aaed8bd221340e52353b14f81.exe
Size: 5.3MB
MD5: 8be5333aaed8bd221340e52353b14f81
SHA1: 88c69cf62a627358792362b8018bf393340dc4f2
SHA256: a1fb32e47eba66a54e46b5346e2a8fb21799251e4e5696ef743e9785703db746
SHA512: 3c0e18de42a57fb4171707e8746278a07cb868d1a0d27b6a261945b291d93aeb4214d2e3a97181c838ffb201a16abd93d72dfc5f5bac158d17b1cb8b918f2ba6
SSDEEP: 98304:4er21VQsHy0rR4iFoFWJ5TPdvHy0rR4ip:4QstqSoFW7Tldq8
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 2644  8be5333aaed8bd221340e52353b14f81.exe
Executes dropped EXE (1 IoC)
  pid 2644  8be5333aaed8bd221340e52353b14f81.exe
YARA rule match (yara_rule: upx, 3 resources)
  resource                                                                         yara_rule
  behavioral2/memory/4980-0-0x0000000000400000-0x00000000008EF000-memory.dmp      upx
  behavioral2/files/0x000800000002320a-11.dat                                      upx
  behavioral2/memory/2644-12-0x0000000000400000-0x00000000008EF000-memory.dmp     upx
Suspicious behavior: RenamesItself (1 IoC)
  pid 4980  8be5333aaed8bd221340e52353b14f81.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 4980  8be5333aaed8bd221340e52353b14f81.exe
  pid 2644  8be5333aaed8bd221340e52353b14f81.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                procid_target
  PID 4980 wrote to memory of 2644   4980  8be5333aaed8bd221340e52353b14f81.exe   85
  PID 4980 wrote to memory of 2644   4980  8be5333aaed8bd221340e52353b14f81.exe   85
  PID 4980 wrote to memory of 2644   4980  8be5333aaed8bd221340e52353b14f81.exe   85
Processes
Depth 1: PID 4980
  Image: C:\Users\Admin\AppData\Local\Temp\8be5333aaed8bd221340e52353b14f81.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8be5333aaed8bd221340e52353b14f81.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Depth 2: PID 2644 (child of PID 4980)
    Image: C:\Users\Admin\AppData\Local\Temp\8be5333aaed8bd221340e52353b14f81.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\8be5333aaed8bd221340e52353b14f81.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
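The rows above are what a triager actually pastes into tooling, so the following added example (written for this page, not tria.ge code) parses them into structured IoCs: it de-duplicates the three identical WriteProcessMemory rows into a single source-to-target edge, extracts the owning PID and region size from each memory-dump resource matched by the upx rule, and flags a parent writing into a child that runs the same image path. The input strings are the report's own rows, constructed inline; the same-image-write check is a triage heuristic I wrote here, not a sandbox signature, and it only reports the sequence the report recorded without naming a specific injection technique.

```python
"""Parse tria.ge-style signature rows into structured IoCs (added example)."""
import re

# Constructed input: the three WriteProcessMemory rows from the Signatures section.
WPM_ROWS = """\
PID 4980 wrote to memory of 2644 4980 8be5333aaed8bd221340e52353b14f81.exe 85
PID 4980 wrote to memory of 2644 4980 8be5333aaed8bd221340e52353b14f81.exe 85
PID 4980 wrote to memory of 2644 4980 8be5333aaed8bd221340e52353b14f81.exe 85
"""

# Constructed input: the three resources matched by the "upx" YARA rule.
YARA_ROWS = """\
behavioral2/memory/4980-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x000800000002320a-11.dat upx
behavioral2/memory/2644-12-0x0000000000400000-0x00000000008EF000-memory.dmp upx
"""

# Process tree as the report shows it: image path, parent PID (None for the
# root) and the signature names attached to each node.
PROCESSES = {
    4980: {"image": r"C:\Users\Admin\AppData\Local\Temp\8be5333aaed8bd221340e52353b14f81.exe",
           "parent": None,
           "tags": {"RenamesItself", "UnmapMainImage", "WriteProcessMemory"}},
    2644: {"image": r"C:\Users\Admin\AppData\Local\Temp\8be5333aaed8bd221340e52353b14f81.exe",
           "parent": 4980,
           "tags": {"Deletes itself", "Executes dropped EXE", "UnmapMainImage"}},
}

# Row shapes are taken from this report; other signature tables differ.
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
MEM_RE = re.compile(r"/memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_wpm(text):
    """Return unique (source_pid, target_pid, image, procid_target) tuples.

    The report lists the same write three times; de-duplicating leaves the
    distinct source->target edges a process graph needs.
    """
    edges = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        edge = (int(m.group(1)), int(m.group(2)), m.group(4), int(m.group(5)))
        if edge not in edges:
            edges.append(edge)
    return edges


def parse_yara(text):
    """Return one dict per row: rule, resource path and, for memory dumps,
    the owning PID and the size in bytes of the dumped region."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().rsplit(None, 1)
        if len(parts) != 2:
            continue
        resource, rule = parts
        row = {"rule": rule, "resource": resource, "pid": None, "region_size": None}
        m = MEM_RE.search(resource)
        if m:
            row["pid"] = int(m.group(1))
            row["region_size"] = int(m.group(4), 16) - int(m.group(3), 16)
        rows.append(row)
    return rows


def find_self_image_writes(processes, edges):
    """Flag a parent writing into a child that runs the same image path.

    Triage heuristic only (my assumption, not a sandbox signature): it reports
    the sequence this report recorded and records whether the child also
    unmapped its main image and deleted itself.
    """
    findings = []
    for src, dst, _image, _procid in edges:
        s, d = processes.get(src), processes.get(dst)
        if s is None or d is None or d["parent"] != src:
            continue
        if s["image"].lower() != d["image"].lower():
            continue
        findings.append({
            "source": src,
            "target": dst,
            "target_unmaps_main_image": "UnmapMainImage" in d["tags"],
            "target_deletes_itself": "Deletes itself" in d["tags"],
        })
    return findings


if __name__ == "__main__":
    for e in parse_wpm(WPM_ROWS):
        print("write edge:", e)
    for r in parse_yara(YARA_ROWS):
        print("yara:", r)
    for f in find_self_image_writes(PROCESSES, parse_wpm(WPM_ROWS)):
        print("finding:", f)
```

The region size comes out at 0x4EF000 bytes (about 5.17 MB) for both memory dumps, i.e. the same mapped range in parent and child; the script only reports that coincidence, it does not interpret it.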
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 640KB
MD5: 19df1a139ce0a26d04d7e9a223ffecd0
SHA1: 07e81257d71dd085b53ac76b6e32aedd17012c66
SHA256: 9d73f88c70c97ee69584adb9cd16a137140fcf29270ef8c58c9fec3ab2f15b98
SHA512: ad8ea00504879234dbf499498f61af40e2f6d4cf6022a1e0c98fa2a459362170ff3a219037804245ccbb99327f96b57a5ac5c1c38c13770ea601a0397a5d900e