Analysis
max time kernel: 138s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/02/2024, 13:31
Behavioral tasks
behavioral1: sample 8c7276c57467c7e96a249e8806e37cb7.exe, resource win7-20231129-en
behavioral2: sample 8c7276c57467c7e96a249e8806e37cb7.exe, resource win10v2004-20231215-en
All signature hits and the process tree below are prefixed behavioral2, i.e. they come from the Windows 10 run; no results from the Windows 7 task appear on this page.
General
Target: 8c7276c57467c7e96a249e8806e37cb7.exe
Size: 1.3MB
MD5: 8c7276c57467c7e96a249e8806e37cb7
SHA1: 7a0a8acc1a5ca9479481c618578eb83e3acfa8ef
SHA256: ee47f86f86e923435ecb7df5470c82d31f65c5fba952e41acad9082566046c2a
SHA512: b052f00ef44615047e0a084306387703154fd8b7cc6967117a1f54938d945620ab3967972c474044b0e99cf60b7a5ae84fec136b000b0e572326b26e96286d2c
SSDEEP: 24576:diE4qRpW/p2K7G3BpJmM0nuSHEXuaFGaSLJ+ldrQ3vG:dl4t3cByM5+4uaFGaScnrQ
Malware Config
Signatures
Taken together, the signatures describe one sequence: the submitted process (PID 848) renames its own image, a new executable appears at the original path and is executed as a child (PID 2312), the parent writes into the child's memory three times, and the child then deletes itself. Both process images and the dropped file match the upx yara rule, so the sample is UPX-packed and unpacks itself in memory (the dumped region 0x400000-0x86A000 is about 4.4MB against 1.3MB on disk).

Deletes itself (1 IoC)
  pid 2312  8c7276c57467c7e96a249e8806e37cb7.exe

Executes dropped EXE (1 IoC)
  pid 2312  8c7276c57467c7e96a249e8806e37cb7.exe

UPX packed file (3 IoCs, yara_rule upx)
  behavioral2/memory/848-0-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral2/files/0x0007000000023135-13.dat
  behavioral2/memory/2312-15-0x0000000000400000-0x000000000086A000-memory.dmp

Suspicious behavior: RenamesItself (1 IoC)
  pid 848  8c7276c57467c7e96a249e8806e37cb7.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 848   8c7276c57467c7e96a249e8806e37cb7.exe
  pid 2312  8c7276c57467c7e96a249e8806e37cb7.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid  Process                                procid_target
  PID 848 wrote to memory of 2312  848  8c7276c57467c7e96a249e8806e37cb7.exe  83
  PID 848 wrote to memory of 2312  848  8c7276c57467c7e96a249e8806e37cb7.exe  83
  PID 848 wrote to memory of 2312  848  8c7276c57467c7e96a249e8806e37cb7.exe  83
Processes
1. C:\Users\Admin\AppData\Local\Temp\8c7276c57467c7e96a249e8806e37cb7.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\8c7276c57467c7e96a249e8806e37cb7.exe"
   PID: 848
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8c7276c57467c7e96a249e8806e37cb7.exe (child of PID 848, same image path)
      command line: C:\Users\Admin\AppData\Local\Temp\8c7276c57467c7e96a249e8806e37cb7.exe
      PID: 2312
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
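The process tree and signatures above amount to a single behaviour chain that is worth turning into a rule rather than hunting signature by signature. The script below is an added example, not part of this report or of tria.ge's tooling: it replays an event stream constructed from the report (parent PID 848, child PID 2312, same image path, three WriteProcessMemory calls) through a correlation rule for "renames itself, starts a child from its own original path, then writes into that child", and it parses the report's memory-dump names to compare the unpacked in-memory image against the size on disk. The event field names are this script's own schema (assumed, not tria.ge's JSON), the control events for PIDs 100 and 200 are invented negatives, and the on-disk size is the report's rounded 1.3MB.

```python
"""Correlate the self-replacement chain seen in this report, and size the
unpacked image from the yara_rule memory-dump names.

Added example; the event records are constructed from the report and use
this script's own field names, not tria.ge's schema."""
import re
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8c7276c57467c7e96a249e8806e37cb7.exe"

# Constructed event stream modelled on the report's process tree/signatures.
EVENTS = [
    {"pid": 848, "op": "start", "image": SAMPLE, "ppid": None},
    {"pid": 848, "op": "rename_self"},                           # RenamesItself
    {"pid": 848, "op": "write_file", "target": SAMPLE},          # new file at the original path
    {"pid": 2312, "op": "start", "image": SAMPLE, "ppid": 848},  # Executes dropped EXE
    {"pid": 848, "op": "write_process_memory", "target_pid": 2312},
    {"pid": 848, "op": "write_process_memory", "target_pid": 2312},
    {"pid": 848, "op": "write_process_memory", "target_pid": 2312},
    {"pid": 2312, "op": "unmap_main_image"},
    {"pid": 2312, "op": "delete_self"},                          # Deletes itself
    # Constructed control (not from the report): a parent writing into a child
    # started from a different image, with no self-rename. Must not be flagged.
    {"pid": 100, "op": "start", "image": r"C:\tools\dbg.exe", "ppid": None},
    {"pid": 200, "op": "start", "image": r"C:\tools\target.exe", "ppid": 100},
    {"pid": 100, "op": "write_process_memory", "target_pid": 200},
]


def find_self_replacement(events):
    """Return (parent_pid, child_pid) pairs where a process renamed itself,
    then started a child from its own original image path, then wrote into
    that child's memory. The rename must precede the write; a parent that
    merely writes into an unrelated child does not match."""
    image_of = {}                 # pid -> image path recorded at start
    renamed = set()               # pids that renamed their own image
    children = defaultdict(set)   # ppid -> {child pids}
    hits = []
    for ev in events:
        pid, op = ev["pid"], ev["op"]
        if op == "start":
            image_of[pid] = ev["image"]
            if ev.get("ppid") is not None:
                children[ev["ppid"]].add(pid)
        elif op == "rename_self":
            renamed.add(pid)
        elif op == "write_process_memory":
            tgt = ev["target_pid"]
            if (pid in renamed
                    and tgt in children[pid]
                    and image_of.get(tgt) == image_of.get(pid)
                    and (pid, tgt) not in hits):
                hits.append((pid, tgt))
    return hits


# Dump names in the report look like '<pid>-<n>-0x<start>-0x<end>-memory.dmp'.
DUMP_RE = re.compile(r"(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name):
    """Split a memory-dump name into (pid, start, end); raises ValueError for
    names that are not memory dumps (e.g. the dropped-file .dat entry)."""
    m = DUMP_RE.search(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name}")
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def unpacked_ratio(dump_name, on_disk_bytes):
    """Size of the dumped image region divided by the file's size on disk.
    A region several times larger than the file is what a UPX-packed image
    looks like once it has unpacked itself in memory."""
    _, start, end = parse_dump_name(dump_name)
    return (end - start) / on_disk_bytes


if __name__ == "__main__":
    print("self-replacement pairs:", find_self_replacement(EVENTS))
    dump = "behavioral2/memory/848-0-0x0000000000400000-0x000000000086A000-memory.dmp"
    print("dump (pid, start, end):", parse_dump_name(dump))
    # 1_300_000 is the report's rounded 1.3MB, an assumption for the ratio.
    print("in-memory/on-disk ratio: %.2f" % unpacked_ratio(dump, 1_300_000))
```

The rule keys on the combination, not on any one signature: WriteProcessMemory into a child is common in legitimate software (debuggers, installers, browser sandboxes), so the control events exercise exactly that and must produce no hit. The ratio helper only reads the dump name; it says nothing about what was unpacked, only that the mapped region is far larger than the file that produced it.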
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: 519673323f5cf109589964f84ce8c55c
SHA1: 7c8282f92e32244ffa23759b00f230b22f237121
SHA256: 6f0dae05126b8f8537af8a77e23a4cc2378b1641699b86a50b0a17690fbbb30e
SHA512: 0c79b2ed8929f2a87bf66f5e07231b216ecb27fa79ed03474c8d44faeb5186d0fa17f3c705f4234edabb9e2f4b5cb368f119fd8a9cfad2b06ee72bf9229e7f0d
This file has the same size as the submitted sample but different hashes, so it is not a byte-identical copy; both sets of hashes are needed when matching the sample on disk.