Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 90s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2024, 02:40
Behavioral tasks
- behavioral1: sample 9a8be058b3c3ed72b59de20c070a2aa8.exe, resource win7-20231215-en
- behavioral2: sample 9a8be058b3c3ed72b59de20c070a2aa8.exe, resource win10v2004-20231215-en
General
Target: 9a8be058b3c3ed72b59de20c070a2aa8.exe
Size: 5.3MB
MD5: 9a8be058b3c3ed72b59de20c070a2aa8
SHA1: f8940b780b88bdc212ab96de64758fedb76c5827
SHA256: 59e00d1117238f8f499058d2cb48409bcffe4263c52a2530c1f5717c95e514ca
SHA512: 994ad283ed603f7b830b1d9335baeeaf919181c20b8dd23a4ed8b39532cd84d8031ecf370d437a988e8a7ac76adc92d1cca7f7531c6da93d3ae6c2bd91ae83dd
SSDEEP: 98304:OjQ3q2YaJE8HSof/nw4JsqNvMoYD3FwHVN1LR+1igHI7ZjHSof/nw4JsqNvMoYDm:Oj6E8/ffxsgUwHSIddj/ffxsgUwD
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2240, process 9a8be058b3c3ed72b59de20c070a2aa8.exe
- Executes dropped EXE (1 IoC)
  pid 2240, process 9a8be058b3c3ed72b59de20c070a2aa8.exe
- YARA rule match: upx
  resource behavioral2/memory/772-0-0x0000000000400000-0x00000000008E7000-memory.dmp, rule upx
  resource behavioral2/files/0x001100000002315e-11.dat, rule upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 772, process 9a8be058b3c3ed72b59de20c070a2aa8.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 772, process 9a8be058b3c3ed72b59de20c070a2aa8.exe
  pid 2240, process 9a8be058b3c3ed72b59de20c070a2aa8.exe
- Suspicious use of WriteProcessMemory (3 IoCs; the report lists the same entry three times)
  description: PID 772 wrote to memory of 2240; pid 772; process 9a8be058b3c3ed72b59de20c070a2aa8.exe; procid_target 85
  description: PID 772 wrote to memory of 2240; pid 772; process 9a8be058b3c3ed72b59de20c070a2aa8.exe; procid_target 85
  description: PID 772 wrote to memory of 2240; pid 772; process 9a8be058b3c3ed72b59de20c070a2aa8.exe; procid_target 85
Processes
1. C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe"
   PID: 772
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe (child of PID 772)
      command line: C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
      PID: 2240
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
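The signature chain above (PID 772 renames itself, a dropped executable at the same path runs as PID 2240, 772 writes into 2240's memory, 2240 then deletes a file) is the kind of sequence a host-based correlation rule should catch rather than any single event. The following Python is an added example, not part of the Triage report or its tooling: it runs such a correlation over a constructed Sysmon-style event stream built from the report's PIDs, path and hashes. The event field names, the renamed-to filename, the parent's PPID, the choice of the renamed original as the file that PID 2240 deletes, and the benign control process are all assumptions for illustration.

```python
"""Added example (not Triage's code): correlate a constructed event stream into
the rename-self / drop-at-own-path / spawn-child / write-child-memory chain that
the report's signatures describe. Fields are modelled on Sysmon-style telemetry;
nothing below is captured data."""

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe"
ORIGINAL_MD5 = "9a8be058b3c3ed72b59de20c070a2aa8"  # General section of the report
DROPPED_MD5 = "ec455bd51ec7f3c4c1898c64bcc30ce4"   # Downloads section of the report

# Constructed events. PIDs, path and hashes come from the report; the ".old"
# rename target, the parent's PPID 4321 and the updater.exe control are assumed.
EVENTS = [
    {"seq": 1, "type": "process_create", "pid": 772, "ppid": 4321, "image": SAMPLE, "md5": ORIGINAL_MD5},
    {"seq": 2, "type": "file_rename", "pid": 772, "src": SAMPLE, "dst": SAMPLE + ".old"},
    {"seq": 3, "type": "file_create", "pid": 772, "path": SAMPLE, "md5": DROPPED_MD5},
    {"seq": 4, "type": "process_create", "pid": 2240, "ppid": 772, "image": SAMPLE, "md5": DROPPED_MD5},
    {"seq": 5, "type": "process_access", "pid": 772, "target_pid": 2240, "op": "WriteProcessMemory"},
    {"seq": 6, "type": "file_delete", "pid": 2240, "path": SAMPLE + ".old"},
    # Benign control: a process that re-launches its own unchanged image and
    # never renames or rewrites it. Must not be flagged.
    {"seq": 7, "type": "process_create", "pid": 900, "ppid": 4321, "image": r"C:\Tools\updater.exe", "md5": "aa" * 16},
    {"seq": 8, "type": "process_create", "pid": 901, "ppid": 900, "image": r"C:\Tools\updater.exe", "md5": "aa" * 16},
]

# Stage order used when reporting a finding.
STAGES = ("renamed", "dropped", "spawned", "wrote_memory", "deleted")


def find_self_replace_chains(events):
    """Return one finding per parent that (1) renamed its own on-disk image,
    (2) then wrote a new file at the original path and (3) launched a child
    from that path. The later stages (parent writes into the child's memory,
    the renamed original is deleted) are recorded when seen so a finding can
    be scored by how complete the chain is. Stage order is enforced: a file
    written at the path before any rename does not count as a drop."""
    events = sorted(events, key=lambda e: e["seq"])
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    findings = []
    for pid, proc in procs.items():
        image = proc["image"]
        seen = {}
        renamed_to = None
        child = None
        for e in events:
            if e["type"] == "file_rename" and e["pid"] == pid and e["src"] == image:
                seen["renamed"] = e["seq"]
                renamed_to = e["dst"]
            elif (e["type"] == "file_create" and e["pid"] == pid
                  and e["path"] == image and "renamed" in seen):
                seen["dropped"] = e["seq"]
            elif (e["type"] == "process_create" and e["ppid"] == pid
                  and e["image"] == image and "dropped" in seen and child is None):
                seen["spawned"] = e["seq"]
                child = e["pid"]
            elif (e["type"] == "process_access" and e["pid"] == pid and child is not None
                  and e.get("target_pid") == child and e.get("op") == "WriteProcessMemory"):
                seen["wrote_memory"] = e["seq"]
            elif (e["type"] == "file_delete" and renamed_to is not None
                  and e["path"] == renamed_to and e["pid"] in (pid, child)):
                seen["deleted"] = e["seq"]
        if all(s in seen for s in ("renamed", "dropped", "spawned")):
            findings.append({
                "parent": pid,
                "child": child,
                "stages": [s for s in STAGES if s in seen],
                # True when the child runs content that differs from the parent's
                # image, as the report's two MD5 values indicate.
                "hash_changed": procs[child]["md5"] != proc["md5"],
            })
    return findings


if __name__ == "__main__":
    for f in find_self_replace_chains(EVENTS):
        print(f"parent {f['parent']} -> child {f['child']}: "
              f"stages={','.join(f['stages'])} hash_changed={f['hash_changed']}")
```

The rule keys every stage to the parent's own image path, which is what separates this pattern from an ordinary self-update or a launcher spawning a same-named helper: the control process 900/901 shares an image and a parent/child relationship but never renames or rewrites it, so it produces no finding. On real telemetry the `file_rename` and `file_create` events correspond to Sysmon event IDs 11 and 26/23 or equivalent EDR file events; the field names here are the example's own.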
Network
MITRE ATT&CK Matrix
Downloads
File (5.3MB; note that every hash differs from the submitted sample in the General section, so the file written during the run is not a byte-identical copy of the original)
Filesize: 5.3MB
MD5: ec455bd51ec7f3c4c1898c64bcc30ce4
SHA1: d63bdfc30525415628d0a03d9965bdd15a55fb6e
SHA256: 1818f011ae2a8e97027a6418cce0dc8d7908db10970eec09da51f5f2df73bec9
SHA512: 507cf710d6ba985efc5914b3bb1e00393cd8605abe3072194ca568d90a31eaf759875d2525b76f713045605eb746cbc18b36b8a579d70671bcb62283bf2c6a09