Analysis
- max time kernel: 96s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/03/2024, 03:31
Behavioral task behavioral1
- Sample: b666d3aaf2ff25eaf72baff9b1233162.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: b666d3aaf2ff25eaf72baff9b1233162.exe
- Resource: win10v2004-20240226-en
The Analysis, Signatures and Processes sections on this page all refer to behavioral2 (win10v2004-20240226-en); no findings from the Windows 7 task (behavioral1) are recorded here.
General
- Target: b666d3aaf2ff25eaf72baff9b1233162.exe
- Size: 2.9MB
- MD5: b666d3aaf2ff25eaf72baff9b1233162
- SHA1: 684492f8c37e4fedd4a244d14d0a8a1c63da20f3
- SHA256: 0071d9d96323fa3f340b657b251067051024dbcce475aae3c67005cd23dfb4ef
- SHA512: de74af2cd4a2cdf2569968497905ef4e89a8c6cc21ad5110c5c2765addec19fa0bd58615ab3bf526932c236e321f11f811446538494f7310ae8fdb99f19c3db3
- SSDEEP: 49152:G5514GLst9MHGk5/P/TNbmA4P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:O52JmGk5/P/ZmA4gg3gnl/IVUs1jePs
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1960, process b666d3aaf2ff25eaf72baff9b1233162.exe
- Executes dropped EXE (1 IoC)
  pid 1960, process b666d3aaf2ff25eaf72baff9b1233162.exe
- UPX packed file (yara rule upx, 3 IoCs)
  resource behavioral2/memory/2372-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  resource behavioral2/files/0x000700000002322d-11.dat
  resource behavioral2/memory/1960-13-0x0000000000400000-0x00000000008EF000-memory.dmp
  Both the parent (2372) and the child (1960) match the rule in the same 0x400000-0x8EF000 image range, and so does the dropped file.
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2372, process b666d3aaf2ff25eaf72baff9b1233162.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2372, process b666d3aaf2ff25eaf72baff9b1233162.exe
  pid 1960, process b666d3aaf2ff25eaf72baff9b1233162.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2372 wrote to memory of 1960; pid 2372; process b666d3aaf2ff25eaf72baff9b1233162.exe; procid_target 88
  description: PID 2372 wrote to memory of 1960; pid 2372; process b666d3aaf2ff25eaf72baff9b1233162.exe; procid_target 88
  description: PID 2372 wrote to memory of 1960; pid 2372; process b666d3aaf2ff25eaf72baff9b1233162.exe; procid_target 88
Processes
- C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe (PID 2372)
  command line: "C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe (PID 1960)
    command line: C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
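The Signatures and Processes sections together describe one behaviour chain: PID 2372 renames its own image, writes into a new process at the same path (PID 1960), and that child is a dropped executable which then deletes a file. The script below is an added example, not part of the tria.ge report or its tooling: it takes the report's IoC records, hand-copied into a constructed EVENTS list, and correlates them into that chain, and it also checks the General/Downloads hashes to show that the dropped file is the same size as the submission but not a byte-for-byte copy. The field names (pid, sig, target) and function names are this example's own assumptions, not tria.ge's export schema.

```python
"""Correlate tria.ge-style signature IoCs into a self-replacement chain.

Added example, not part of the tria.ge report. EVENTS is constructed by
hand from the report's Signatures section; the field names are this
script's own, not tria.ge's JSON schema.
"""
from collections import defaultdict

SAMPLE = "b666d3aaf2ff25eaf72baff9b1233162.exe"

# Constructed from the Signatures section (behavioral2).
EVENTS = [
    {"pid": 2372, "sig": "RenamesItself"},
    {"pid": 2372, "sig": "UnmapMainImage"},
    {"pid": 2372, "sig": "WriteProcessMemory", "target": 1960},
    {"pid": 2372, "sig": "WriteProcessMemory", "target": 1960},
    {"pid": 2372, "sig": "WriteProcessMemory", "target": 1960},
    {"pid": 1960, "sig": "ExecutesDroppedEXE"},
    {"pid": 1960, "sig": "DeletesItself"},
    {"pid": 1960, "sig": "UnmapMainImage"},
]

# Submitted file (General section) vs. dropped file (Downloads section).
ORIGINAL = {"size": "2.9MB",
            "sha256": "0071d9d96323fa3f340b657b251067051024dbcce475aae3c67005cd23dfb4ef"}
DROPPED = {"size": "2.9MB",
           "sha256": "f641d0d29884367d1e974c48340de557588c13b5621477d1c2876a9c48a6ee9c"}


def sigs_by_pid(events):
    """Return (pid -> set of signature names, pid -> set of pids it wrote into)."""
    sigs = defaultdict(set)
    writes = defaultdict(set)
    for e in events:
        sigs[e["pid"]].add(e["sig"])
        if e["sig"] == "WriteProcessMemory":
            writes[e["pid"]].add(e["target"])
    return sigs, writes


def self_replacement_chains(events):
    """Return (parent, child) pairs where the parent renamed its own image and
    wrote into the child, and the child executed as a dropped EXE and then
    deleted a file (in this report, the renamed original)."""
    sigs, writes = sigs_by_pid(events)
    chains = []
    for parent, targets in writes.items():
        if "RenamesItself" not in sigs[parent]:
            continue
        for child in sorted(targets):
            if {"ExecutesDroppedEXE", "DeletesItself"} <= sigs[child]:
                chains.append((parent, child))
    return chains


def dropped_not_a_copy(original, dropped):
    """True when the dropped file matches the submission's size but not its
    hash, i.e. it is not a byte-for-byte copy of the submitted sample."""
    return (original["size"] == dropped["size"]
            and original["sha256"] != dropped["sha256"])


def summarize(events=EVENTS, original=ORIGINAL, dropped=DROPPED):
    """One-shot verdict over the report's records."""
    return {
        "sample": SAMPLE,
        "chains": self_replacement_chains(events),
        "write_count": sum(1 for e in events if e["sig"] == "WriteProcessMemory"),
        "dropped_not_a_copy": dropped_not_a_copy(original, dropped),
    }


if __name__ == "__main__":
    print(summarize())
```

Run it as-is and it reports the single chain (2372, 1960), the three WriteProcessMemory records, and that the dropped file differs from the submission; feed it a different report's IoCs and an empty chain list means the pattern was not observed.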
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.9MB
- MD5: 010ae0560a97fb82b0c05eaf229705f7
- SHA1: e1464cd2fe7d7df57fe0c0af101aef432459f99e
- SHA256: f641d0d29884367d1e974c48340de557588c13b5621477d1c2876a9c48a6ee9c
- SHA512: f87e74426e731f8acaefe21051a1efb6945d045bb990c92267208fa29b269a9adbe557a616085507d7370e51daa8a8c66e8471be412d6d4451b7f0868591e132