Analysis
max time kernel: 93s
max time network: 114s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/02/2024, 18:42
Behavioral task behavioral1
  Sample: a9e11d4bee1e07bdc43cb6c58112842a.exe
  Resource: win7-20240221-en
Behavioral task behavioral2
  Sample: a9e11d4bee1e07bdc43cb6c58112842a.exe
  Resource: win10v2004-20240226-en
General
Target: a9e11d4bee1e07bdc43cb6c58112842a.exe
Size: 1.5MB
MD5: a9e11d4bee1e07bdc43cb6c58112842a
SHA1: eca9593223a14de4393a2a03a1d4d23168177559
SHA256: 96ab0a1c0d03ddd6d8ae1d0f5392c3052802515406dcbe7d3fe983589ec00f31
SHA512: f4912bb62981b05d0ad9adede4414323ba03772841a9865ad262670b381020ffa7df7e5a661b1a7a602aa5306ee7075b88e906bdb55a07a6a3e54dbc0298bc95
SSDEEP: 24576:mrsjVB+2J4FTIkziwEI35FhBFhVy7fYHi9I/5IZQLHFXGICs4UmnS5xtrW:ssJM2JiIkzPEyhBBYYCI/5c4lXacr
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  4300  a9e11d4bee1e07bdc43cb6c58112842a.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  4300  a9e11d4bee1e07bdc43cb6c58112842a.exe
YARA rule matches
  resource                                                                    yara_rule
  behavioral2/memory/3404-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x000700000001ebc7-12.dat                                 upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  3404  a9e11d4bee1e07bdc43cb6c58112842a.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  3404  a9e11d4bee1e07bdc43cb6c58112842a.exe
  4400  a9e11d4bee1e07bdc43cb6c58112842a.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid   Process                               procid_target
  PID 3404 wrote to memory of 4300    3404  a9e11d4bee1e07bdc43cb6c58112842a.exe  87
  PID 3404 wrote to memory of 4300    3404  a9e11d4bee1e07bdc43cb6c58112842a.exe  87
  PID 3404 wrote to memory of 4300    3404  a9e11d4bee1e07bdc43cb6c58112842a.exe  87
Processes
1. C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe"
   PID: 3404
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe (child of PID 3404)
      Command line: C:\Users\Admin\AppData\Local\Temp\a9e11d4bee1e07bdc43cb6c58112842a.exe
      PID: 4300
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 896KB
MD5: 18bbb157c820591831b052bd0d7cef9e
SHA1: 62f80cee837d5c8ab4821d7e058d1129479eaa37
SHA256: b2bb8da25be190332ed23fdcdf6e560ce3cc01847bef6e3122f54d0fcc302aa1
SHA512: 60a51c13f1e81824960c680a9aff25657212e6e7723b6b602605495a25d3cc541fc7af28308aeadf1e1e788c1baf5a4aae179967b9016c5d6f5fd71af0f30bbf