Analysis
max time kernel: 147s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/02/2024, 10:12
Behavioral task: behavioral1
  Sample: a19c810cba7ec2b9e8baec67d51c966f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a19c810cba7ec2b9e8baec67d51c966f.exe
  Resource: win10v2004-20240221-en
General
Target: a19c810cba7ec2b9e8baec67d51c966f.exe
Size: 1.5MB
MD5: a19c810cba7ec2b9e8baec67d51c966f
SHA1: b56908e8767f724cfcf38da7c1ed34629b14e0aa
SHA256: d034d9e96963ae874b6a50629e9f5b28046bb2d52648f2f0e8cb35d1a279f86b
SHA512: 78a68d0b342c25b427471a7ef52a99a674d28d95fa5bcada8a3a0b3f4c73cbd511ffff4ee46f81914df48e7d76ccb8795473a1ff30aad6864fa4e92766f978e1
SSDEEP: 24576:EQncqg30A7vJC8RRGy30dmRp47wp0MxJMIQCQ5tPB0d2vehxCiyW:EsctnJC4RGy30d4p0kKCQtPB0damq
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 4724  Process: a19c810cba7ec2b9e8baec67d51c966f.exe
Executes dropped EXE (1 IoCs)
  pid: 4724  Process: a19c810cba7ec2b9e8baec67d51c966f.exe
resource / yara_rule
  behavioral2/memory/4416-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x000600000002320a-11.dat  upx
  behavioral2/memory/4724-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid: 4416  Process: a19c810cba7ec2b9e8baec67d51c966f.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid: 4416  Process: a19c810cba7ec2b9e8baec67d51c966f.exe
  pid: 4724  Process: a19c810cba7ec2b9e8baec67d51c966f.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4416 wrote to memory of 4724  pid: 4416  Process: a19c810cba7ec2b9e8baec67d51c966f.exe  procid_target: 50
  description: PID 4416 wrote to memory of 4724  pid: 4416  Process: a19c810cba7ec2b9e8baec67d51c966f.exe  procid_target: 50
  description: PID 4416 wrote to memory of 4724  pid: 4416  Process: a19c810cba7ec2b9e8baec67d51c966f.exe  procid_target: 50
Processes
C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe"
  PID: 4416
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe (child of PID 4416)
    Command line: C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe
    PID: 4724
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 217KB
MD5: adf63d185085869e403489b35a9a96aa
SHA1: 8457891679227b3a951df44601e227ac466d8907
SHA256: e4a7474b882bd0ca6c9d3ecb764d3c11a4047499f445d9d12764b4cad85f98bf
SHA512: 8ad7b43bd4463a37b9c0cd711626571d7896cd00736427790744db8e7fcd62c42a82c4fb2d65b24ac01a14a950714f1d25c6ba93da9f3b411f21edfc0a622245