Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/02/2024, 21:58
Behavioral task behavioral1
Sample: 904305f4e0d8a52a03c641d8409f8de7.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 904305f4e0d8a52a03c641d8409f8de7.exe
Resource: win10v2004-20231215-en
General
Target: 904305f4e0d8a52a03c641d8409f8de7.exe
Size: 2.7MB
MD5: 904305f4e0d8a52a03c641d8409f8de7
SHA1: 1dd463a4952cbfabb6cb505bbeebd8e0a8a975e5
SHA256: b55f740c977f269990661aad2113b013931bba4ce24ec40162b275d6c9d7ae87
SHA512: c8b0c2a726086823043035916f3434fc5f5b277bafbee417b30efd7fcbbb7f1117f07a7511bd7394173298266412ed778dd83f65c5fe193c88fa654e1361a494
SSDEEP: 49152:qQZenrWKFJeA7rFMU7oD8oK2InmO1Q8ZHtL1Y5Bn:xZerWKPeMMoeHK2IZ1Q8tfY
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  3988  904305f4e0d8a52a03c641d8409f8de7.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  3988  904305f4e0d8a52a03c641d8409f8de7.exe
yara_rule matches
  resource                                                                    yara_rule
  behavioral2/memory/332-0-0x0000000000400000-0x000000000086A000-memory.dmp  upx
  behavioral2/files/0x0009000000023037-12.dat                                 upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid  Process
  332  904305f4e0d8a52a03c641d8409f8de7.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  332   904305f4e0d8a52a03c641d8409f8de7.exe
  3988  904305f4e0d8a52a03c641d8409f8de7.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid  Process                               procid_target
  PID 332 wrote to memory of 3988  332  904305f4e0d8a52a03c641d8409f8de7.exe  23
  PID 332 wrote to memory of 3988  332  904305f4e0d8a52a03c641d8409f8de7.exe  23
  PID 332 wrote to memory of 3988  332  904305f4e0d8a52a03c641d8409f8de7.exe  23
Processes
1. C:\Users\Admin\AppData\Local\Temp\904305f4e0d8a52a03c641d8409f8de7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\904305f4e0d8a52a03c641d8409f8de7.exe"
   PID: 332
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\904305f4e0d8a52a03c641d8409f8de7.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\904305f4e0d8a52a03c641d8409f8de7.exe
      PID: 3988
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 186KB
MD5: c49126cea7c4846077fb3cde6d12d5fc
SHA1: e711673fb98f105a90b1b978c20635dc8c2d38fa
SHA256: 7bc7f8d2c186bb3d3d8464b25435f6b1e3abf06c4971812b95dac0ec2e639d3f
SHA512: 353adc722c74432a1b37512901c8bd0ed582809131854bceeedddae0f084324432e74fdbb827f5555d889c5a0b1d91bf75709abe80ac6642080d97e4136d7ef6