Analysis
max time kernel: 90s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/02/2024, 04:12
Behavioral task: behavioral1
Sample: 93ca71fa068d7177651e2750a371d350.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 93ca71fa068d7177651e2750a371d350.exe
Resource: win10v2004-20231215-en
General
Target: 93ca71fa068d7177651e2750a371d350.exe
Size: 5.8MB
MD5: 93ca71fa068d7177651e2750a371d350
SHA1: 4c797370bcaa40652c7d28ecbe325dbd37775e2d
SHA256: 6977a07ebd1e5168eb18849c675fd2ff2c24a1cc5a0230d48d9d31dc95d45fdb
SHA512: 67ef8d10bf904f193eeff75c8082ef2db10128e8b02819dfb39ece2f1a355b60eab9d1f454096222d5764f9524a529d08ffb226ceddfd41c9bcd027499f10ea7
SSDEEP: 98304:pOSH193+vtrRW4HBUCczzM3dnEprLuV94HBUCczzM3:J0VDWCBeuMWC
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  1324  93ca71fa068d7177651e2750a371d350.exe

Executes dropped EXE (1 IoCs)
  pid   Process
  1324  93ca71fa068d7177651e2750a371d350.exe

  resource                                                                 yara_rule
  behavioral2/memory/2564-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/files/0x00070000000231fe-11.dat                                  upx
  behavioral2/memory/1324-14-0x0000000000400000-0x00000000008EF000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2564  93ca71fa068d7177651e2750a371d350.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2564  93ca71fa068d7177651e2750a371d350.exe
  1324  93ca71fa068d7177651e2750a371d350.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid   Process                               procid_target
  PID 2564 wrote to memory of 1324     2564  93ca71fa068d7177651e2750a371d350.exe  84
  PID 2564 wrote to memory of 1324     2564  93ca71fa068d7177651e2750a371d350.exe  84
  PID 2564 wrote to memory of 1324     2564  93ca71fa068d7177651e2750a371d350.exe  84
Processes
PID:2564
C:\Users\Admin\AppData\Local\Temp\93ca71fa068d7177651e2750a371d350.exe
"C:\Users\Admin\AppData\Local\Temp\93ca71fa068d7177651e2750a371d350.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory

  PID:1324 (child of PID 2564)
  C:\Users\Admin\AppData\Local\Temp\93ca71fa068d7177651e2750a371d350.exe
  C:\Users\Admin\AppData\Local\Temp\93ca71fa068d7177651e2750a371d350.exe
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 220KB
MD5: 2f0ee189d2a2f1855f8aa9ee1c691801
SHA1: e42b834d6aa2da518a89cdb4c2940d8fbacaabaa
SHA256: 5f90ff48f4ce9369d54cfd00c56a1a0aca00af111be84c605100838a2b41de4d
SHA512: d9a79d726ebda60f97dfa9defaa4a7ee944b71875abd7c59ce6a777db3bcb66fca22d66f3a14c4e2f0a2084ed027511885b043ea6b11e7b9be5ccc4f85216add