Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
29/02/2024, 08:28
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan.Win32.Selfmod.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
HEUR-Trojan.Win32.Selfmod.exe
Resource
win10v2004-20240226-en
General
-
Target
HEUR-Trojan.Win32.Selfmod.exe
-
Size
218KB
-
MD5
11bf0d021b0aac3cba376326726a1633
-
SHA1
0c8e1f392cd8bfa11e8cf354ba78cc4d27bf6e15
-
SHA256
e9cc3b13dd371b062ecca23d4a78818a534fb7024e0e5af2859024a0b1f2e807
-
SHA512
334b706826f638676da887ba9cc57c302d1db6705a77993a728456231795945a0414b07554707cdd81664baaa5b35d4e095133e0ab049b6e71f6f262c741789c
-
SSDEEP
3072:m6j4LkjoaAW3YC1f1YBuPHBPB1wDKSRMHOMEcr3hZVDneCRpmiaoG9QxsM+NAFa:G2AnTU6DKMqOMdZVbXX9aLisM+Nea
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1152 HEUR-Trojan.Win32.Selfmod.exe -
Executes dropped EXE 1 IoCs
pid Process 1152 HEUR-Trojan.Win32.Selfmod.exe -
Program crash 2 IoCs
pid pid_target Process procid_target 4068 1132 WerFault.exe 93 3728 1152 WerFault.exe 102 -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1132 HEUR-Trojan.Win32.Selfmod.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 1152 HEUR-Trojan.Win32.Selfmod.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1132 wrote to memory of 1152 1132 HEUR-Trojan.Win32.Selfmod.exe 102 PID 1132 wrote to memory of 1152 1132 HEUR-Trojan.Win32.Selfmod.exe 102 PID 1132 wrote to memory of 1152 1132 HEUR-Trojan.Win32.Selfmod.exe 102
Processes
-
C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1132 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 3962⤵
- Program crash
PID:4068
-
-
C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exeC:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1152 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 3643⤵
- Program crash
PID:3728
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1132 -ip 11321⤵PID:916
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1152 -ip 11521⤵PID:1424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:81⤵PID:4524
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
218KB
MD50f3f5c3e865172dd24c58cc8a1dd51a9
SHA1d9c1f0e621fd74a7fab624a33b9b113180f187b9
SHA256ed806d43e4bbb8075588a06a4f3795a68f47ef44e1c899f252a550dd203f191d
SHA51255807ee2570e520e4b946ef51d8824d92860f46fc940ccca6d07326db90db20bab5321cb2394a7b0a251dbe1903a144d36a8f8ad2219384421903ac4ed16aa24