Analysis
- max time kernel: 139s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/02/2024, 19:22
Behavioral task behavioral1
- Sample: 8d245426988d44f119dcbcc06786b1cf.exe
- Resource: win7-20231129-en
Behavioral task behavioral2
- Sample: 8d245426988d44f119dcbcc06786b1cf.exe
- Resource: win10v2004-20231215-en
General
- Target: 8d245426988d44f119dcbcc06786b1cf.exe
- Size: 2.4MB
- MD5: 8d245426988d44f119dcbcc06786b1cf
- SHA1: af1f84314abd4f51b2772d52d9722dcd378dbbcf
- SHA256: a0534fdb6d88c10a42c37a0ea421fd97aa1afa9a364458baebc4380a35c10fa0
- SHA512: a7ad19785ad7288f3a0f02110d4773a2cc718faf0e753e9d246a6a5215a95e5c3a919d9c718d31a8ba37a985677cc99f835f6ff921d26a89e22d4ab2eeaaa92d
- SSDEEP: 49152:nsYtTFW0GgJ5xsPXuoOYJitT/P4M338dB2IBlGuuDVUsdxxjr:CgWSY4tDgg3gnl/IVUs1jr
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 564, process 8d245426988d44f119dcbcc06786b1cf.exe
- Executes dropped EXE (1 IoCs)
  pid 564, process 8d245426988d44f119dcbcc06786b1cf.exe
- resource / yara_rule
  behavioral2/memory/4236-0-0x0000000000400000-0x00000000008EF000-memory.dmp / upx
  behavioral2/files/0x000700000002313b-10.dat / upx
  behavioral2/memory/564-13-0x0000000000400000-0x00000000008EF000-memory.dmp / upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4236, process 8d245426988d44f119dcbcc06786b1cf.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4236, process 8d245426988d44f119dcbcc06786b1cf.exe
  pid 564, process 8d245426988d44f119dcbcc06786b1cf.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4236 wrote to memory of 564; pid 4236; process 8d245426988d44f119dcbcc06786b1cf.exe; procid_target 84
  description: PID 4236 wrote to memory of 564; pid 4236; process 8d245426988d44f119dcbcc06786b1cf.exe; procid_target 84
  description: PID 4236 wrote to memory of 564; pid 4236; process 8d245426988d44f119dcbcc06786b1cf.exe; procid_target 84
Processes
- C:\Users\Admin\AppData\Local\Temp\8d245426988d44f119dcbcc06786b1cf.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\8d245426988d44f119dcbcc06786b1cf.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 4236
  - C:\Users\Admin\AppData\Local\Temp\8d245426988d44f119dcbcc06786b1cf.exe (depth 2)
    command line: C:\Users\Admin\AppData\Local\Temp\8d245426988d44f119dcbcc06786b1cf.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 564
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.4MB
- MD5: 11bdc9d20a2224558e907828449b13ce
- SHA1: 4b4e0c759c8ad58ebeca4b4ccf27353609b39997
- SHA256: a5a4132061c88ef6c686ba7eb0a046228e32b1df3c0729a6a16da052814a62f5
- SHA512: 5d641990731d095c1511d5d42d566d25890a39029729c4e7641f554a7501eda0df49e1f9badb8fffa1527f0d961ef48c552750df81a856d1bc1b4e63c04554bd