Analysis
max time kernel: 92s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2024, 12:00
Behavioral task: behavioral1
  Sample: 9b9ddd82b44fe2de0a4346f501f900a0.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 9b9ddd82b44fe2de0a4346f501f900a0.exe
  Resource: win10v2004-20231215-en
General
Target: 9b9ddd82b44fe2de0a4346f501f900a0.exe
Size: 2.9MB
MD5: 9b9ddd82b44fe2de0a4346f501f900a0
SHA1: 545f0eea4150ec88b4e87d6861ed7913385797ed
SHA256: 58e3c6a559b8f75b68bb037472892bf1e18f8d57e2c75da5dae975734c334e63
SHA512: 7e5784f3a65b0a698558fb6b22756c6991f475e6b447e28f3d6a0a71f0543b97af09e09b88e5ae2f4cdeb3130611f2b409e6596c489191ef92a0391371138e39
SSDEEP: 49152:nmh2LMvCzI4FieFUSfJxtfP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:nmoLMviI4iCUkRgg3gnl/IVUs1jePs
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid    Process
  3748   9b9ddd82b44fe2de0a4346f501f900a0.exe
Executes dropped EXE (1 IoCs)
  pid    Process
  3748   9b9ddd82b44fe2de0a4346f501f900a0.exe
yara_rule matches
  resource                                                                      yara_rule
  behavioral2/memory/932-0-0x0000000000400000-0x00000000008EF000-memory.dmp     upx
  behavioral2/files/0x000700000002320c-11.dat                                   upx
  behavioral2/memory/3748-13-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid    Process
  932    9b9ddd82b44fe2de0a4346f501f900a0.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid    Process
  932    9b9ddd82b44fe2de0a4346f501f900a0.exe
  3748   9b9ddd82b44fe2de0a4346f501f900a0.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process                                 procid_target
  PID 932 wrote to memory of 3748    932    9b9ddd82b44fe2de0a4346f501f900a0.exe    84
  PID 932 wrote to memory of 3748    932    9b9ddd82b44fe2de0a4346f501f900a0.exe    84
  PID 932 wrote to memory of 3748    932    9b9ddd82b44fe2de0a4346f501f900a0.exe    84
Processes
1. C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe"
   PID: 932
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe (child of PID 932)
      Command line: C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe
      PID: 3748
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.9MB
MD5: 731c9c73074f9ccba7325649f916026d
SHA1: ce71a9af181af4ad5388b3a478c141ed8d8da43d
SHA256: 790eb42231b6ba9613bd738646c9b795b6c829ade97ce1f042bae1dbef294ac0
SHA512: f25f223dd34a24ee823cbfc2b57a1f7f54693157e7720cd842617f8bd751caaa0174fd9fe8618db8e4ab76902e6bb6a78e8dd83ef7a4a1d6b4b5244f31afe29b