Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/03/2024, 22:14
Static task: static1
Behavioral task: behavioral1
Sample: b9ca1b376e8125c04a346bba75e34ec5.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b9ca1b376e8125c04a346bba75e34ec5.exe
Resource: win10v2004-20240226-en
General
Target: b9ca1b376e8125c04a346bba75e34ec5.exe
Size: 385KB
MD5: b9ca1b376e8125c04a346bba75e34ec5
SHA1: 7b6088d821033005fef710fb015d60b52e58314c
SHA256: 6ee3b350f9c4ef49432799a273062f70dd27e44ace89635f01fb0181eb4da1c1
SHA512: a91d8e2f56fb0aa838a72dfe2ff8dccfabad1e0e6363d8b79e57255548c8ff456dc7fb042c25eb10022cf2cdadc82ee743c20b6626627826bf8a2eae9f02ad10
SSDEEP: 6144:ilh4KOh5yI30vP7jg9Q9QiwDOiCefNpYjIOengxbsUgPBwR11IjAxQGPn3B:qh4PfK/gq9PSRRlpSIO04BgGCXO3B
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 3960, process b9ca1b376e8125c04a346bba75e34ec5.exe
Executes dropped EXE (1 IoCs)
  pid 3960, process b9ca1b376e8125c04a346bba75e34ec5.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 5, ioc pastebin.com
  flow 6, ioc pastebin.com
Suspicious behavior: RenamesItself (1 IoCs)
  pid 1048, process b9ca1b376e8125c04a346bba75e34ec5.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 1048, process b9ca1b376e8125c04a346bba75e34ec5.exe
  pid 3960, process b9ca1b376e8125c04a346bba75e34ec5.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1048 wrote to memory of 3960; pid 1048, process b9ca1b376e8125c04a346bba75e34ec5.exe, procid_target 89
  description: PID 1048 wrote to memory of 3960; pid 1048, process b9ca1b376e8125c04a346bba75e34ec5.exe, procid_target 89
  description: PID 1048 wrote to memory of 3960; pid 1048, process b9ca1b376e8125c04a346bba75e34ec5.exe, procid_target 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\b9ca1b376e8125c04a346bba75e34ec5.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\b9ca1b376e8125c04a346bba75e34ec5.exe"
   PID: 1048
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\b9ca1b376e8125c04a346bba75e34ec5.exe (child of PID 1048)
      Command line: C:\Users\Admin\AppData\Local\Temp\b9ca1b376e8125c04a346bba75e34ec5.exe
      PID: 3960
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 271KB
MD5: e2f78ddfe7d2231b563fc3d6ec85f135
SHA1: 0f0fce01a9845b8d8e1176f3098d23eebbbbc6d2
SHA256: 2353e8d8c8a85495dbd7e0803a262d7465c407960752bf23d51425cebe983683
SHA512: efdda2fc78d417ec10459e38fe4b01edd9163fc1686afdae97f93efbaabf2e20a1d3e714e7f8ce6f4251622d8a2cd783624ec46a79a90b8434ea92fc996897d3