Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
24/02/2024, 18:45
Static task
static1
Behavioral task
behavioral1
Sample
a27b9cc01307237a16b08d449e5de87f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a27b9cc01307237a16b08d449e5de87f.exe
Resource
win10v2004-20240221-en
General
-
Target
a27b9cc01307237a16b08d449e5de87f.exe
-
Size
57KB
-
MD5
a27b9cc01307237a16b08d449e5de87f
-
SHA1
f68abaea3f54726f877a811479d0ef703b7a203d
-
SHA256
6ff02919ba1f41a558b4affffa234ebc90b2e20147502c1be844363e356b0d58
-
SHA512
710f97fd309b537a9a24c8d90fe584e63987d81608f02b27a7d2d8ee7c5f62b9064f8b3e93d2cf5cfa8c96ea0839fed9773dc9bc041047d72fc598f56000d9dd
-
SSDEEP
1536:r19Bn1cXxHmxphPtuEuF7EQxl/8YhrUGUVP:hPnSFKp1stxEQxl01hVP
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 5080 a27b9cc01307237a16b08d449e5de87f.exe -
Executes dropped EXE 1 IoCs
pid Process 5080 a27b9cc01307237a16b08d449e5de87f.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 4644 a27b9cc01307237a16b08d449e5de87f.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4644 a27b9cc01307237a16b08d449e5de87f.exe 5080 a27b9cc01307237a16b08d449e5de87f.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4644 wrote to memory of 5080 4644 a27b9cc01307237a16b08d449e5de87f.exe 86 PID 4644 wrote to memory of 5080 4644 a27b9cc01307237a16b08d449e5de87f.exe 86 PID 4644 wrote to memory of 5080 4644 a27b9cc01307237a16b08d449e5de87f.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe"C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4644 -
C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exeC:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:5080
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD5f8ff8b08ed6cfda4d8e6e0c9096a55e6
SHA1d9aed8bdd8e37a4a6db1f76bc4d1ea224186cc5e
SHA2561f924081a3fed452f82781d1588c30d8b102ab604dc13e150320d0b3ae249cb7
SHA5128aa003afc4102bde050af5c80f2ed6a654f2761318ef13e6ee526ce569c9ceed81522cff03b3e0a3b9b6b5e8bde95c6f68bc0dc45e86c3bdf9cb0f9b9c116537