Analysis
max time kernel: 91s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/02/2024, 09:17
Behavioral task: behavioral1
Sample: 96cea24e7d668d9b8db32861b8270106.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 96cea24e7d668d9b8db32861b8270106.exe
Resource: win10v2004-20231222-en
General
Target: 96cea24e7d668d9b8db32861b8270106.exe
Size: 5.8MB
MD5: 96cea24e7d668d9b8db32861b8270106
SHA1: ae84bfc8ceede3f39697a0bb6b8bfb249077f1b4
SHA256: 6f5fc29ba8fa21daf6d6cfe652098043de1d722048a06ed3d0d4bbeb744a2bb5
SHA512: 742503dcbd5b7c29f1d2c76654bf3c4e61c1436f813407d273b363a58be7fe75dda16904bff4f61fae1b6424e671790bbb8915da0bc094087ea9d287644d884c
SSDEEP: 98304:pQLKHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:0gauq1jI86FA7y2auq1jI86
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 3380  process 96cea24e7d668d9b8db32861b8270106.exe
Executes dropped EXE (1 IoC)
  pid 3380  process 96cea24e7d668d9b8db32861b8270106.exe
resource yara_rule
  behavioral2/memory/428-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x000700000002323f-11.dat  upx
  behavioral2/memory/3380-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
Suspicious behavior: RenamesItself (1 IoC)
  pid 428  process 96cea24e7d668d9b8db32861b8270106.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 428   process 96cea24e7d668d9b8db32861b8270106.exe
  pid 3380  process 96cea24e7d668d9b8db32861b8270106.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                  pid  process                                   procid_target
  PID 428 wrote to memory of 3380  428  96cea24e7d668d9b8db32861b8270106.exe  83
  PID 428 wrote to memory of 3380  428  96cea24e7d668d9b8db32861b8270106.exe  83
  PID 428 wrote to memory of 3380  428  96cea24e7d668d9b8db32861b8270106.exe  83
Processes
1. C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe"
   PID: 428
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe
      command line: C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe
      PID: 3380
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 5.8MB
MD5: 43ea5a31a738dc5f7283ad5e098196a9
SHA1: d30cd424001f1b4d779a8c0647f4755ab05ee41c
SHA256: a282b39a600569b3fa544e4341690ef5c41645dee96204d1461dde748b987405
SHA512: a01ea223f47e9079b28f92352f2871e91b453e97e9addb4f08c820fda24722e61df906e16af4df94f2af4947b256600a5fa03735e047097b76f0a6ac19084603