Analysis
- max time kernel: 143s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/02/2024, 09:59
Behavioral task behavioral1
- Sample: 9921326d5eae0f9bdf9346f684c4f612.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: 9921326d5eae0f9bdf9346f684c4f612.exe
- Resource: win10v2004-20231215-en
General
- Target: 9921326d5eae0f9bdf9346f684c4f612.exe
- Size: 1.3MB
- MD5: 9921326d5eae0f9bdf9346f684c4f612
- SHA1: 91f2d78e15c2bacefe6350f11fe9d48055a2a4c2
- SHA256: 0f7e82ff1186c7cf8667b22726bd9e730cd256bb75236af178d2b80f2c83ee3a
- SHA512: 14bbeaf91b698cfd052d1e13945de4287beb715df5eb3322e26ebba347b80a07a34fd18fdc68710409cdcf3ed054c5c9b0ff08c5fdf42a1e89a9aab204179d47
- SSDEEP: 24576:h6Vba/HtEpgo37iRD/6JOR2UKQFsSzUkYqAtwsERqiPs4F274OsqNql25t6apNSL:h6Vba/HWzLC/zMn+uNjFL4F+sqIUSapI
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1236, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Executes dropped EXE (1 IoC)
  pid 1236, process 9921326d5eae0f9bdf9346f684c4f612.exe
- YARA rule upx matched (3 resources)
  behavioral2/memory/2420-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral2/files/0x0006000000023220-11.dat
  behavioral2/memory/1236-13-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2420, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2420, process 9921326d5eae0f9bdf9346f684c4f612.exe
  pid 1236, process 9921326d5eae0f9bdf9346f684c4f612.exe
- Suspicious use of WriteProcessMemory (3 IoCs, all identical)
  description: PID 2420 wrote to memory of 1236; pid 2420; process 9921326d5eae0f9bdf9346f684c4f612.exe; procid_target 84
Processes
- C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe (PID 2420)
  Command line: "C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe (PID 1236, child of 2420)
    Command line: C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
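The process tree and signatures above describe one chain: the sample (PID 2420) renames its own image, writes a fresh copy at the original path, launches that copy (PID 1236), writes into the child's memory, and the child deletes the original. The following detection sketch is an added example, not tria.ge code or output: it runs over constructed telemetry events that mirror that tree and flags a child process that was launched from a file its same-image parent had just rewritten. The renamed filename (`.old` suffix) and the benign `cmd.exe` pair are assumptions for the sample data; the report does not show the name the sample renamed itself to.

```python
"""Flag a process that launches a freshly written copy of its own image.

Mirrors the tria.ge chain above (RenamesItself -> Executes dropped EXE ->
WriteProcessMemory -> Deletes itself). Events are CONSTRUCTED for the example.
"""

SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe"
# Hypothetical: the report flags RenamesItself but does not reveal the new name.
RENAMED_PATH = SAMPLE_PATH + ".old"

# Constructed sample telemetry (not tria.ge output), ordered by seq.
SAMPLE_EVENTS = [
    {"seq": 1, "type": "process_create", "pid": 2420, "ppid": 1000, "image": SAMPLE_PATH},
    {"seq": 2, "type": "file_rename", "pid": 2420, "old": SAMPLE_PATH, "new": RENAMED_PATH},
    {"seq": 3, "type": "file_write", "pid": 2420, "path": SAMPLE_PATH},
    {"seq": 4, "type": "process_create", "pid": 1236, "ppid": 2420, "image": SAMPLE_PATH},
    {"seq": 5, "type": "write_process_memory", "pid": 2420, "target_pid": 1236},
    {"seq": 6, "type": "file_delete", "pid": 1236, "path": RENAMED_PATH},
    # Benign noise (assumed): a process spawning a same-image child without rewriting it.
    {"seq": 7, "type": "process_create", "pid": 3000, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe"},
    {"seq": 8, "type": "process_create", "pid": 3100, "ppid": 3000, "image": r"C:\Windows\System32\cmd.exe"},
]


def find_self_replacement(events):
    """Return one finding per child launched from a copy its parent wrote over its own image path."""
    evs = sorted(events, key=lambda e: e["seq"])
    image = {e["pid"]: e["image"] for e in evs if e["type"] == "process_create"}
    findings = []
    for e in evs:
        if e["type"] != "process_create":
            continue
        child, parent, path = e["pid"], e["ppid"], e["image"]
        if image.get(parent) != path:
            continue  # parent runs a different binary: an ordinary child process
        # Only the parent's own activity before the launch matters for "dropped copy".
        before = [x for x in evs if x["seq"] < e["seq"] and x["pid"] == parent]
        wrote_copy = any(x["type"] == "file_write" and x["path"] == path for x in before)
        if not wrote_copy:
            continue  # same image, but not freshly dropped (the cmd.exe pair above)
        renamed_to = {x["new"] for x in before if x["type"] == "file_rename" and x["old"] == path}
        injected = any(x["type"] == "write_process_memory" and x["pid"] == parent
                       and x["target_pid"] == child for x in evs)
        deleted_original = any(x["type"] == "file_delete" and x["pid"] == child
                               and x["path"] in renamed_to for x in evs)
        findings.append({
            "parent": parent,
            "child": child,
            "image": path,
            "renamed_to": sorted(renamed_to),
            "parent_wrote_child_memory": injected,
            "child_deleted_original": deleted_original,
        })
    return findings


if __name__ == "__main__":
    for finding in find_self_replacement(SAMPLE_EVENTS):
        print(finding)
```

The parent/child image match alone is not enough (installers and shells routinely spawn themselves), which is why the rule requires a prior file write to that path by the parent; the memory write and the deletion of the renamed original are recorded as supporting evidence rather than as preconditions, so a variant that skips one of them still surfaces.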
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 896KB
  MD5: 9b908f622ed2c8bb2fb7ce985883c78b
  SHA1: a94ff2dac7fe98c69f671be66cf594109131e838
  SHA256: fa4aebafeae3606a64127ba3667cb62de5d581515dd7959262ed73690a6a6bf0
  SHA512: bf94887e3861cadf399babb33366011b9462d4c12ea90064894df755d7e8c23ff97d4e8e5fc732a2dc9a0cf83ff7ae5eb8509f5e481ffe65cb64ac2c9ca6c72f