Analysis
  max time kernel: 148s
  max time network: 156s
  platform: windows10-2004_x64
  resource: win10v2004-20240226-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 27/02/2024, 15:51
Behavioral task: behavioral1
  Sample: a98bce902d88044975b61f439fa0bea7.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a98bce902d88044975b61f439fa0bea7.exe
  Resource: win10v2004-20240226-en
General
  Target: a98bce902d88044975b61f439fa0bea7.exe
  Size: 5.8MB
  MD5: a98bce902d88044975b61f439fa0bea7
  SHA1: 46593f29e29f1020718e1a9ae333e4e34b182baa
  SHA256: 88b50e1679b61fb5f57ef7bc8fc1968ad193af5a1465b141073d09826d32f48e
  SHA512: 2379c6f61942251ffdf421ca5a5067619a8803101727922e6e7a827f0ccd13ce9c1f0db95a0890b00191a49b4ac98e9892fcd545aceea8ab43630eb58b2b74fb
  SSDEEP: 98304:/KN8N5rcFRD6SXgg3gnl/IVUs1jePsULAEVr6slCeZ8isagg3gnl/IVUs1jePs:yVgl/iBiPqEVWhegOgl/iBiP
Malware Config
Signatures
  Deletes itself (1 IoCs)
    pid  | Process
    4156 | a98bce902d88044975b61f439fa0bea7.exe
  Executes dropped EXE (1 IoCs)
    pid  | Process
    4156 | a98bce902d88044975b61f439fa0bea7.exe
  YARA rule matches
    resource                                                                    | yara_rule
    behavioral2/memory/4460-0-0x0000000000400000-0x00000000008EF000-memory.dmp  | upx
    behavioral2/files/0x00070000000231e5-11.dat                                 | upx
    behavioral2/memory/4156-13-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  Suspicious behavior: RenamesItself (1 IoCs)
    pid  | Process
    4460 | a98bce902d88044975b61f439fa0bea7.exe
  Suspicious use of UnmapMainImage (2 IoCs)
    pid  | Process
    4460 | a98bce902d88044975b61f439fa0bea7.exe
    4156 | a98bce902d88044975b61f439fa0bea7.exe
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                       | pid  | Process                              | procid_target
    PID 4460 wrote to memory of 4156  | 4460 | a98bce902d88044975b61f439fa0bea7.exe | 90
    PID 4460 wrote to memory of 4156  | 4460 | a98bce902d88044975b61f439fa0bea7.exe | 90
    PID 4460 wrote to memory of 4156  | 4460 | a98bce902d88044975b61f439fa0bea7.exe | 90
Processes
  1. C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe"
     PID: 4460
     - Suspicious behavior: RenamesItself
     - Suspicious use of UnmapMainImage
     - Suspicious use of WriteProcessMemory
     2. C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe (child of PID 4460)
        Command line: C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe
        PID: 4156
        - Deletes itself
        - Executes dropped EXE
        - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 1.8MB
  MD5: afbc92c0f6854233f7685b6f2c9ff9de
  SHA1: 18e540369a7df5ce2db61a7e17824be360bf8c5a
  SHA256: 9c330346d0ea3e7111d144d38d0149fa2c291f2c0ec111888111560082f19ee8
  SHA512: 00ff5e4bd0f3bc19d20c821d2f5b5e0862ab5c21ba0a8527d807ec712aa972b058cd0ca7035bb6cbefb2676ef5afe554d3ca3f1c267e74a58888b33d99dabe92