Analysis
max time kernel: 92s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/02/2024, 08:37
Behavioral task: behavioral1
Sample: 94463c7bd67b1478fd80bc2b5e7ae2ae.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 94463c7bd67b1478fd80bc2b5e7ae2ae.exe
Resource: win10v2004-20231215-en
General
Target: 94463c7bd67b1478fd80bc2b5e7ae2ae.exe
Size: 2.7MB
MD5: 94463c7bd67b1478fd80bc2b5e7ae2ae
SHA1: 2846dfcd6a8f0fc40341d3133bb84ba049a0fee4
SHA256: 026e7311280d3c6a06a979ae465de42a8b7cd99e0b0ac7d6e11eb071b441b56b
SHA512: afe778d3cb8dd07f5163946635f5d4539479539453766b0e2f5e5c183ebe7ac0bc1dc47c1a1402c547972c56cdbe2493c79f042411a8eb1cc85d4a02b6a0b537
SSDEEP: 49152:cWrky6fuV5uziGgkXAcj3VFqJRx2Xr3qhrR9o334bIRbaLTtir8wV4jfUwLmy2pP:3vpV5u2UAOVFqJRx0r3qhrHq4bGaLTto
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid 220, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe

Executes dropped EXE (1 IoCs)
  pid 220, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe

resource, yara_rule
  behavioral2/memory/544-0-0x0000000000400000-0x00000000008E7000-memory.dmp, upx
  behavioral2/files/0x0009000000023037-11.dat, upx
  behavioral2/memory/220-13-0x0000000000400000-0x00000000008E7000-memory.dmp, upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid 544, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 544, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe
  pid 220, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 544 wrote to memory of 220, pid 544, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe, procid_target 76
  description: PID 544 wrote to memory of 220, pid 544, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe, procid_target 76
  description: PID 544 wrote to memory of 220, pid 544, process 94463c7bd67b1478fd80bc2b5e7ae2ae.exe, procid_target 76
Processes

1. C:\Users\Admin\AppData\Local\Temp\94463c7bd67b1478fd80bc2b5e7ae2ae.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\94463c7bd67b1478fd80bc2b5e7ae2ae.exe"
   PID: 544
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\94463c7bd67b1478fd80bc2b5e7ae2ae.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\94463c7bd67b1478fd80bc2b5e7ae2ae.exe
      PID: 220
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 509KB
MD5: 1e3141f061ddf31fe9f8ecbeeb0abc6d
SHA1: 9eef4bdedf7ca229a9675066cb80efbc1020d1de
SHA256: 17f93d492bad1af02aaa62069283828cb1f80ee113091e60443af50c68af43dc
SHA512: 16c58ef15381434b485772bc214a28700d78eb6f60809d9514bb2140c731f12e70406836d443fcc437c906d9632ba017b3057766aba8057e17d5fd9ed0bbd74b