Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/02/2024, 00:16
Behavioral task: behavioral1
- Sample: ad37ae21c2afca94f45c12d8d9b9311f.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ad37ae21c2afca94f45c12d8d9b9311f.exe
- Resource: win10v2004-20240226-en
General
- Target: ad37ae21c2afca94f45c12d8d9b9311f.exe
- Size: 1.3MB
- MD5: ad37ae21c2afca94f45c12d8d9b9311f
- SHA1: bc2fe0fab4b0366040ceac0df075f5db926b2811
- SHA256: e6f56347c18c8b8a0e096e30a40af1bb2495078454a2941aa843b703c150cacd
- SHA512: cccea7a967609632e64823bcbe8cb987eb8e363861984f84af8da247c23e519117b1095af083d68bd7591df9dbab7f961add2bcb73f05b5a90fd9c7de2c4994e
- SSDEEP: 24576:DcQKjrFcI+TvLYCEbd343McTSBAkpOYbauALvttFiv5JPS8Z4EELCCBlcvG:GjrFc3bEW3McWWkJbF+oc8aEEdBl
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid | Process
  3216 | ad37ae21c2afca94f45c12d8d9b9311f.exe
- Executes dropped EXE (1 IoCs)
  pid | Process
  3216 | ad37ae21c2afca94f45c12d8d9b9311f.exe
- resource | yara_rule
  behavioral2/memory/3352-0-0x0000000000400000-0x000000000086A000-memory.dmp | upx
  behavioral2/files/0x000400000001e980-13.dat | upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  3352 | ad37ae21c2afca94f45c12d8d9b9311f.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  3352 | ad37ae21c2afca94f45c12d8d9b9311f.exe
  3216 | ad37ae21c2afca94f45c12d8d9b9311f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3352 wrote to memory of 3216 | 3352 | ad37ae21c2afca94f45c12d8d9b9311f.exe | 88
  PID 3352 wrote to memory of 3216 | 3352 | ad37ae21c2afca94f45c12d8d9b9311f.exe | 88
  PID 3352 wrote to memory of 3216 | 3352 | ad37ae21c2afca94f45c12d8d9b9311f.exe | 88
Processes
- C:\Users\Admin\AppData\Local\Temp\ad37ae21c2afca94f45c12d8d9b9311f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ad37ae21c2afca94f45c12d8d9b9311f.exe"
  PID: 3352
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\ad37ae21c2afca94f45c12d8d9b9311f.exe (child of PID 3352)
    Command line: C:\Users\Admin\AppData\Local\Temp\ad37ae21c2afca94f45c12d8d9b9311f.exe
    PID: 3216
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.3MB
- MD5: d8870fcf3df393582eb45b1f26df00bd
- SHA1: 5b005bc9bed19f91fdc247e5d7831fdef37c1c57
- SHA256: ffb96cb92e3203b37b6a9ea4df53f90aac8e5114da5d48ae115241adc28bf26f
- SHA512: f54f092722b4655cb05643cd39819cfb184e94efbf5add1f18323ad14ccf2e1888a5ffc070ab1596be618a25a234decd4a645298e0e9b8d759c275ecbe2a9a38