Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system -
submitted
25/02/2024, 11:19
Static task
static1
Behavioral task
behavioral1
Sample
a3a612ea57f82e0dc9f61e2a41415166.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a3a612ea57f82e0dc9f61e2a41415166.exe
Resource
win10v2004-20240221-en
General
-
Target
a3a612ea57f82e0dc9f61e2a41415166.exe
-
Size
82KB
-
MD5
a3a612ea57f82e0dc9f61e2a41415166
-
SHA1
ed176ca45a5d93f499972dd9707c27ff1da10abe
-
SHA256
d946a55859e31b7c181884173bf234d9ed60db9bc92272b1b7f305c4120a1869
-
SHA512
2f69661bba9fc2613725d34bf17f04adc74763a990ac5b042ca85215fea73c3fcf231f9d2d3e1b840178a94c3ff006395b2aecf892e644ef1f379631c66cd784
-
SSDEEP
1536:ljkFrM8HNZXtJwu3XO3U7tfTxAa6nZLnjRjRFfa4KxO:pitZXtJwu3XOEJLxv+LjRz5KM
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
1472 a3a612ea57f82e0dc9f61e2a41415166.exe
-
Executes dropped EXE 1 IoCs
pid Process
1472 a3a612ea57f82e0dc9f61e2a41415166.exe
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process
4500 a3a612ea57f82e0dc9f61e2a41415166.exe
-
Suspicious use of UnmapMainImage 2 IoCs
pid Process
4500 a3a612ea57f82e0dc9f61e2a41415166.exe
1472 a3a612ea57f82e0dc9f61e2a41415166.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4500 wrote to memory of 1472 4500 a3a612ea57f82e0dc9f61e2a41415166.exe 88
PID 4500 wrote to memory of 1472 4500 a3a612ea57f82e0dc9f61e2a41415166.exe 88
PID 4500 wrote to memory of 1472 4500 a3a612ea57f82e0dc9f61e2a41415166.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe "C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4500 -
C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe C:\Users\Admin\AppData\Local\Temp\a3a612ea57f82e0dc9f61e2a41415166.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1472
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5
934476f5ee7ee78074cbaeca2dfd0279
SHA1
02934c501c91bf45151dcd55b2393e372900f61e
SHA256
217fd61ef11558f52783aa89fdc57796ffbe019dff27115e9412f319ef9f739d
SHA512
5be3bcd66b97dc1fcc06a9f2f19fd51e0daaad8b673e784b1008e4b25a8ccb1bb92cf5ef23d534e9c1ebc30ceb177fd007602502f54d3e892cb631085eae54d4