Analysis
max time kernel: 143s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 12/02/2024, 10:52
Behavioral task: behavioral1
Sample: 96fae479413d570fc3ede490335770d9.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 96fae479413d570fc3ede490335770d9.exe
Resource: win10v2004-20231215-en
General
Target: 96fae479413d570fc3ede490335770d9.exe
Size: 1.3MB
MD5: 96fae479413d570fc3ede490335770d9
SHA1: f9c398593d072f3306c0b480ec86070932a13317
SHA256: 6f746655ee58705a2dea7bb29b936d7af9cf3d42c602c07306026539f2c37d95
SHA512: cb3796579b0d4a309306706e9226d5113ca6199c0adfe7b90bcf37f28274187fc4570aa49a794b7d014179bb0ff595caf9e45602bd61a250b5a4f6d4aa4f57c8
SSDEEP: 24576:4RmTzlToUSZ3h5gFU9GSemB9vWPMe7RVJX1yY+B/k8tHvG:4R0JTo1r59G1oIR7Vls/l
Malware Config
Signatures
Deletes itself (1 IoCs)
pid   Process
4964  96fae479413d570fc3ede490335770d9.exe
Executes dropped EXE (1 IoCs)
pid   Process
4964  96fae479413d570fc3ede490335770d9.exe
resource                                                                     yara_rule
behavioral2/memory/2912-0-0x0000000000400000-0x000000000086A000-memory.dmp   upx
behavioral2/files/0x000700000002322c-12.dat                                  upx
behavioral2/memory/4964-14-0x0000000000400000-0x000000000086A000-memory.dmp  upx
Suspicious behavior: RenamesItself (1 IoCs)
pid   Process
2912  96fae479413d570fc3ede490335770d9.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
2912  96fae479413d570fc3ede490335770d9.exe
4964  96fae479413d570fc3ede490335770d9.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process                                procid_target
PID 2912 wrote to memory of 4964   2912  96fae479413d570fc3ede490335770d9.exe   84
PID 2912 wrote to memory of 4964   2912  96fae479413d570fc3ede490335770d9.exe   84
PID 2912 wrote to memory of 4964   2912  96fae479413d570fc3ede490335770d9.exe   84
Processes
- C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 2912
  - C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe (child of PID 2912)
    Command line: C:\Users\Admin\AppData\Local\Temp\96fae479413d570fc3ede490335770d9.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 4964
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: e23a828ad7b87018230f7227c50d5af8
SHA1: d2f39c88ff45041e756ee8239f2b133ff56e99f9
SHA256: 723d85c484d2e22444e02fee7672e3afc78098eb7f0a5caec1a8a3501ff93a1a
SHA512: c6254dbd2d567c9b6b0db3560e920bf2afefcd274e49d93ea3220e5ab5f5be647f1d13213cb1c0601b7a3f5cc7ec679cda43a293bff8c4f52c549ce89e4ac2d8