Analysis
max time kernel: 93s
max time network: 119s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/02/2024, 07:26
Behavioral task behavioral1
Sample: ab55f078971650e6d7eeae8f289f1f2e.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: ab55f078971650e6d7eeae8f289f1f2e.exe
Resource: win10v2004-20240226-en
General
Target: ab55f078971650e6d7eeae8f289f1f2e.exe
Size: 1.3MB
MD5: ab55f078971650e6d7eeae8f289f1f2e
SHA1: 0b8ebb80dfd9b924b19f35bc061ccdf7a0277768
SHA256: b318542c76b50712f2e1b4aed9bb43bba8e91b92fdf74a2cb49d17d83c445a21
SHA512: 571db742be8eec50be7a5d86c288bd82cd532fa7aa5d99512b7dd74769bed30f434fdf8698248f278102cb4e2d6a12641f83e70d4acbd5bbe8c6c90b142cad36
SSDEEP: 24576:LK/W0H+AUjWqPa6SPlA3vYsomPrT1Y71pJr8Bdj83vG:LK/W0lJEw4Txuvx8Bdw
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 1872  process ab55f078971650e6d7eeae8f289f1f2e.exe
Executes dropped EXE (1 IoC)
  pid 1872  process ab55f078971650e6d7eeae8f289f1f2e.exe
YARA rule matches
  resource behavioral2/memory/1528-0-0x0000000000400000-0x000000000086A000-memory.dmp  yara_rule upx
  resource behavioral2/files/0x000700000001e59e-12.dat  yara_rule upx
Suspicious behavior: RenamesItself (1 IoC)
  pid 1528  process ab55f078971650e6d7eeae8f289f1f2e.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 1528  process ab55f078971650e6d7eeae8f289f1f2e.exe
  pid 1872  process ab55f078971650e6d7eeae8f289f1f2e.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1528 wrote to memory of 1872  pid 1528  process ab55f078971650e6d7eeae8f289f1f2e.exe  procid_target 88
  description: PID 1528 wrote to memory of 1872  pid 1528  process ab55f078971650e6d7eeae8f289f1f2e.exe  procid_target 88
  description: PID 1528 wrote to memory of 1872  pid 1528  process ab55f078971650e6d7eeae8f289f1f2e.exe  procid_target 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe"
   PID: 1528
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\ab55f078971650e6d7eeae8f289f1f2e.exe
      PID: 1872
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: bed8bcc891b60500c608b26b88abcab3
SHA1: 54b672bb11966cba6ca7a0d0e24971f0b6d5fbd5
SHA256: 5ed48dc30d1b1ef75e4c76292b9bfe6e8235da07d433bb4ae4a4c5f9bbb29771
SHA512: 129972e806a605a60870e5c58538e1c50198f02b071510969afe3dd0ab21c5c07903226326c7b941bda4496aff0cf0f69a93eb0221a6aa3d6de8387858e41af2