Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 87s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/02/2024, 01:38
Behavioral task: behavioral1
- Sample: 982791bbdec792a81d027a65865aedde.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 982791bbdec792a81d027a65865aedde.exe
- Resource: win10v2004-20231222-en
General
- Target: 982791bbdec792a81d027a65865aedde.exe
- Size: 56KB
- MD5: 982791bbdec792a81d027a65865aedde
- SHA1: 403140d6d3c073d4a7a7a9d6fe60a4cc29db0070
- SHA256: b316493de2af36fbf5ebb100d6d1410a2b8b542ff880ee65b3113f32d1947b32
- SHA512: a53b6cef2efdbaa72055845d2d1568f93d5e7960c09e2303ba7b442fb7ae18700a35c5f4db30cff40c933bc6d949067a83a36f021d56a05007b8c2d866deaa86
- SSDEEP: 1536:UlKinCEM2DHo7Scl62iT0c31im36IQdax9KYyxV3e:Uo8MAcSK6D0cH6Yx47xV
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2060, Process 982791bbdec792a81d027a65865aedde.exe
- Executes dropped EXE (1 IoCs)
  pid 2060, Process 982791bbdec792a81d027a65865aedde.exe
- yara_rule matches (rule: upx), 3 resources
  behavioral2/memory/4040-0-0x0000000000400000-0x000000000043A000-memory.dmp (upx)
  behavioral2/files/0x0008000000023207-11.dat (upx)
  behavioral2/memory/2060-13-0x0000000000400000-0x000000000043A000-memory.dmp (upx)
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4040, Process 982791bbdec792a81d027a65865aedde.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4040, Process 982791bbdec792a81d027a65865aedde.exe
  pid 2060, Process 982791bbdec792a81d027a65865aedde.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          | pid  | Process                              | procid_target
  PID 4040 wrote to memory of 2060     | 4040 | 982791bbdec792a81d027a65865aedde.exe | 87
  PID 4040 wrote to memory of 2060     | 4040 | 982791bbdec792a81d027a65865aedde.exe | 87
  PID 4040 wrote to memory of 2060     | 4040 | 982791bbdec792a81d027a65865aedde.exe | 87
Processes
- C:\Users\Admin\AppData\Local\Temp\982791bbdec792a81d027a65865aedde.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\982791bbdec792a81d027a65865aedde.exe"
  PID: 4040
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\982791bbdec792a81d027a65865aedde.exe (level 2, nested under the process above)
    Command line: C:\Users\Admin\AppData\Local\Temp\982791bbdec792a81d027a65865aedde.exe
    PID: 2060
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 56KB
  MD5: 21a2068d7729ef31321c8ba1ed03472c
  SHA1: de12e09dd5beef5f4cfdaba4e99287cd25131e81
  SHA256: ef91866ccb4478f417255366fc004450caa611cd04f9c8991fc4c0de6f783946
  SHA512: 605f6808507b5673ea4ad1adc15a8db353410e78cdfa636a5e926a2d2dfd9f8a5c7a4569299949449c657bbd593d996647258e73631ad61ac78f6a0234a9ee6f