Analysis
max time kernel: 118s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 05/03/2024, 09:12
Static task: static1
Behavioral task: behavioral1
  Sample: b45567ae02b7d317c6d25875fd1a0fbd.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b45567ae02b7d317c6d25875fd1a0fbd.exe
  Resource: win10v2004-20240226-en
General
Target: b45567ae02b7d317c6d25875fd1a0fbd.exe
Size: 907KB
MD5: b45567ae02b7d317c6d25875fd1a0fbd
SHA1: 164e4049be8cfcc83d3df8c3f7d959491e38933c
SHA256: bc92b242d7431b5a104695db52837790bfbade762841668fbfe115ae8d80893c
SHA512: 71c3149a25c4023c1bcd3458feedd914fa463aab824824a0ae75cdd83da0b2296ea888457334d8f861b3b87569fedf64bff6b9908453e24ce1d30cd034c41dbc
SSDEEP: 12288:yrGWFZtHJLwM3Mp0+h5J02g+BIcLHCE/c1H7DSCTl3KvgJ12MMa0qXQjVDa/ZS1:mbnprt+hbsYAE01beZvgzyqX2a/ZS1
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 3372  b45567ae02b7d317c6d25875fd1a0fbd.exe
- Executes dropped EXE (1 IoC)
  pid 3372  b45567ae02b7d317c6d25875fd1a0fbd.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 22  pastebin.com
  flow 24  pastebin.com
- Suspicious behavior: RenamesItself (1 IoC)
  pid 4576  b45567ae02b7d317c6d25875fd1a0fbd.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4576  b45567ae02b7d317c6d25875fd1a0fbd.exe
  pid 3372  b45567ae02b7d317c6d25875fd1a0fbd.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4576 wrote to memory of 3372  (b45567ae02b7d317c6d25875fd1a0fbd.exe, procid_target 100)
  PID 4576 wrote to memory of 3372  (b45567ae02b7d317c6d25875fd1a0fbd.exe, procid_target 100)
  PID 4576 wrote to memory of 3372  (b45567ae02b7d317c6d25875fd1a0fbd.exe, procid_target 100)
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe"
  PID: 4576
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process:
    Image: C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
    PID: 3372
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=2240,i,16875000905773190493,11379096115878622792,262144 --variations-seed-version /prefetch:8
  PID: 2036
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 907KB
  MD5: db7ee0b63922ab9f8b01654438e31971
  SHA1: cb3b4bb0489288f35612c7bf2ad39c9e44d3b03d
  SHA256: 909b1227732dd4db8b4709d5e799a1b87569e974e401f1b9ecb5f38e0a543190
  SHA512: dbfea9283657210d8e06ba81189bae4a7a69f14c0439e90b18dec66e0bbc566914664a5e261b9083e59151a755aafc0e2ffcfe03dbee78ea65e6dfa4b6875dbd