Analysis
max time kernel: 92s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2024, 16:34
Behavioral task: behavioral1
Sample: 999f3765cd39a7bb92de3ea9a064e100.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 999f3765cd39a7bb92de3ea9a064e100.exe
Resource: win10v2004-20231222-en
General
Target: 999f3765cd39a7bb92de3ea9a064e100.exe
Size: 1.5MB
MD5: 999f3765cd39a7bb92de3ea9a064e100
SHA1: f0e77b6c9b1ed2c1fa5ba5038e14d057043739cd
SHA256: 6c1077a782c95c8dcb0cd83d2e9a45325e693df635000f7f8129d2c3c6fe32dd
SHA512: 1f41e9363efd66a84ce33a85d5e07a6266f56ec8ff4ffb03b6ae17b2cfbc3c08667d7553faade2df7def79480e9077092782ad884686ef344ab1e7dddeff1b03
SSDEEP: 24576:wAko7AUDjtrJnFlvOZYc41WGBBoFTuu80bOSywIL6+qF+YtW:wAko7tVNFlBo6WF9j6SNH+A
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid 3276  Process 999f3765cd39a7bb92de3ea9a064e100.exe

Executes dropped EXE (1 IoCs)
  pid 3276  Process 999f3765cd39a7bb92de3ea9a064e100.exe

yara_rule: upx
  resource behavioral2/memory/4040-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  resource behavioral2/files/0x00070000000231f9-11.dat
  resource behavioral2/memory/3276-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Suspicious behavior: RenamesItself (1 IoCs)
  pid 4040  Process 999f3765cd39a7bb92de3ea9a064e100.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 4040  Process 999f3765cd39a7bb92de3ea9a064e100.exe
  pid 3276  Process 999f3765cd39a7bb92de3ea9a064e100.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4040 wrote to memory of 3276  pid 4040  Process 999f3765cd39a7bb92de3ea9a064e100.exe  procid_target 85
  description: PID 4040 wrote to memory of 3276  pid 4040  Process 999f3765cd39a7bb92de3ea9a064e100.exe  procid_target 85
  description: PID 4040 wrote to memory of 3276  pid 4040  Process 999f3765cd39a7bb92de3ea9a064e100.exe  procid_target 85
Processes

C:\Users\Admin\AppData\Local\Temp\999f3765cd39a7bb92de3ea9a064e100.exe (PID 4040)
  Command line: "C:\Users\Admin\AppData\Local\Temp\999f3765cd39a7bb92de3ea9a064e100.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\999f3765cd39a7bb92de3ea9a064e100.exe (PID 3276, child of 4040)
    Command line: C:\Users\Admin\AppData\Local\Temp\999f3765cd39a7bb92de3ea9a064e100.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.5MB
MD5: 760a7ee497423c43b01e1d2228d63a88
SHA1: 0561f7d10a10c3410dccf53bcce93c59e5865e43
SHA256: 60421a97d0bcff7f8865739e3a9850da1f1a7e165e9d7a1a643994290b35d987
SHA512: b198ac6eb223a0853d7ffcd20f224174aa5488a00dcd856b01b7215bf80ecc7083de40a8b885c2b2d14db5dec34c55b8902d45c044a2934bd13c3dd24efd4d4e