Analysis
max time kernel: 147s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/02/2024, 05:49
Static task: static1
Behavioral task: behavioral1
  Sample: add6ad343a096b29fa9c3dafb053336d.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: add6ad343a096b29fa9c3dafb053336d.exe
  Resource: win10v2004-20240226-en
General
Target: add6ad343a096b29fa9c3dafb053336d.exe
Size: 82KB
MD5: add6ad343a096b29fa9c3dafb053336d
SHA1: 00cadf78e40cfd41f7536437e0d443d3580e063f
SHA256: 93dfbdc4e5ea15af102ce1b6faf0d4f5607f78f2e09215224a64f7ac003d3451
SHA512: fba20029abdeda57a6257ff2b50e1e55288966b998534250a4c8579fdf7cdb977817c87da9183ae8d6ba8b32d65ae76f26e57f3a6c045e338ac9d96346f8601a
SSDEEP: 1536:RtXgOaMvOdMM1Q3gziK+vepBQxdMZ4XzNdjeSJ5+l3pbkY:RtX721QNKKepBQG8XX5+l3/
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 4560, process add6ad343a096b29fa9c3dafb053336d.exe
Executes dropped EXE (1 IoCs)
  pid 4560, process add6ad343a096b29fa9c3dafb053336d.exe
Suspicious behavior: RenamesItself (1 IoCs)
  pid 3224, process add6ad343a096b29fa9c3dafb053336d.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3224, process add6ad343a096b29fa9c3dafb053336d.exe
  pid 4560, process add6ad343a096b29fa9c3dafb053336d.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3224 wrote to memory of 4560 (pid 3224, process add6ad343a096b29fa9c3dafb053336d.exe, procid_target 88)
  PID 3224 wrote to memory of 4560 (pid 3224, process add6ad343a096b29fa9c3dafb053336d.exe, procid_target 88)
  PID 3224 wrote to memory of 4560 (pid 3224, process add6ad343a096b29fa9c3dafb053336d.exe, procid_target 88)
Processes
1. C:\Users\Admin\AppData\Local\Temp\add6ad343a096b29fa9c3dafb053336d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\add6ad343a096b29fa9c3dafb053336d.exe"
   PID: 3224
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\add6ad343a096b29fa9c3dafb053336d.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\add6ad343a096b29fa9c3dafb053336d.exe
      PID: 4560
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: 7e724959d262bc8d0467df4bf4ca15e8
SHA1: c8dea903c27cb3c7a24c4dd5fad7ebcb0d0ada57
SHA256: a0fc9bfb3b2a73be776e4b7963ae97ce7ca05dbb2fbc74d464c9ce1c837828d8
SHA512: 4f392533ebd579dbe53ef3745a691f22cc46915508f90e367aa68c37fd5a8393aff70e1cf7590c603c614e4069cddaa9e7ef0ea8a902f340bdf7010d04eaf614