Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/03/2024, 16:56
Behavioral task behavioral1
Sample: b9330b60f33308a0885b2bbcb043dd0f.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: b9330b60f33308a0885b2bbcb043dd0f.exe
Resource: win10v2004-20240226-en
General
Target: b9330b60f33308a0885b2bbcb043dd0f.exe
Size: 1.3MB
MD5: b9330b60f33308a0885b2bbcb043dd0f
SHA1: 6dee5a85c0c719930955db7370e877c0b7479b5b
SHA256: 6685e2bad5903f3b07f92e1965794268c5969aafdbaefc44c04c38a7cbfbab79
SHA512: 9cb997f910601095559c00f2f93fbfacfa30064cca9673035f39c104b7c906c0ed152bdbe009465ac1c41e44e449397884776ab59e497a2d89b2d380ff1f8666
SSDEEP: 24576:1vYIS8XVpb0MGz4jZzgoq3zpkIrXX8iiU8wY6vYSQpGdpb3vG:1vYLaj0XyNgqIrVpVQS+Gdp
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  2124  b9330b60f33308a0885b2bbcb043dd0f.exe
Executes dropped EXE (1 IoC)
  pid   Process
  2124  b9330b60f33308a0885b2bbcb043dd0f.exe
UPX packed file (yara rule upx, 3 IoCs)
  resource                                                                     yara_rule
  behavioral2/memory/4848-0-0x0000000000400000-0x000000000086A000-memory.dmp   upx
  behavioral2/memory/2124-15-0x0000000000400000-0x000000000086A000-memory.dmp  upx
  behavioral2/files/0x0008000000023211-13.dat                                  upx
Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  4848  b9330b60f33308a0885b2bbcb043dd0f.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  4848  b9330b60f33308a0885b2bbcb043dd0f.exe
  2124  b9330b60f33308a0885b2bbcb043dd0f.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 4848 wrote to memory of 2124  4848  b9330b60f33308a0885b2bbcb043dd0f.exe  88
  PID 4848 wrote to memory of 2124  4848  b9330b60f33308a0885b2bbcb043dd0f.exe  88
  PID 4848 wrote to memory of 2124  4848  b9330b60f33308a0885b2bbcb043dd0f.exe  88
Processes
1. C:\Users\Admin\AppData\Local\Temp\b9330b60f33308a0885b2bbcb043dd0f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\b9330b60f33308a0885b2bbcb043dd0f.exe"
   PID: 4848
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\b9330b60f33308a0885b2bbcb043dd0f.exe (child of PID 4848)
      Command line: C:\Users\Admin\AppData\Local\Temp\b9330b60f33308a0885b2bbcb043dd0f.exe
      PID: 2124
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
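The signatures above describe one pattern: a UPX-packed image mapped at the same base in both processes, the parent renaming itself and writing into a child that runs as a "dropped EXE" and then deletes itself. The following Python (standard library only) is an added example, not tria.ge code or part of this report: it parses the IoC strings exactly as they appear on this page (embedded inline as constructed input), derives the in-memory image size from the dump filename, compares it with the on-disk size to quantify the packing, checks that both processes map the same image range, and reconstructs the parent-to-child WriteProcessMemory edge that closes the relocate-and-respawn chain. The only assumptions are that the report's "1.3MB" is read as decimal megabytes and that a memory/disk ratio well above 1 is treated as a packing indicator.

```python
"""Post-process the IoC rows of a tria.ge report to quantify the packed image
and reconstruct the self-replacement chain.  Added example; not tria.ge code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed input: strings copied from this report's Signatures section.
MEMORY_DUMPS = [
    "behavioral2/memory/4848-0-0x0000000000400000-0x000000000086A000-memory.dmp",
    "behavioral2/memory/2124-15-0x0000000000400000-0x000000000086A000-memory.dmp",
]
WPM_ROWS = [
    "PID 4848 wrote to memory of 2124 4848 b9330b60f33308a0885b2bbcb043dd0f.exe 88",
] * 3
RENAMES_ITSELF = {4848}     # "Suspicious behavior: RenamesItself"
EXECUTES_DROPPED = {2124}   # "Executes dropped EXE"
DELETES_ITSELF = {2124}     # "Deletes itself"
FILE_SIZE_BYTES = 1_300_000  # assumption: the report's "1.3MB" as decimal megabytes

DUMP_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    base: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.base


def parse_dump_name(name: str) -> MemoryRegion:
    """Extract pid and the [base, end) range from a tria.ge memory dump filename."""
    m = DUMP_RE.search(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    return MemoryRegion(int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16))


def packing_ratio(region: MemoryRegion, file_size: int) -> float:
    """In-memory image size divided by on-disk size; a packer stub that
    decompresses in place inflates this well above 1."""
    return region.size / file_size


def same_image_mapping(regions: List[MemoryRegion]) -> bool:
    """True when every dumped region shares one base and end, i.e. the same
    image is mapped identically in each process."""
    return len({(r.base, r.end) for r in regions}) == 1


def parse_wpm_row(row: str) -> Tuple[int, int, str]:
    """Return (source pid, target pid, image name) from a WriteProcessMemory row."""
    m = WPM_RE.match(row)
    if m is None:
        raise ValueError(f"unrecognised WriteProcessMemory row: {row}")
    return int(m.group(1)), int(m.group(2)), m.group(4)


def parent_child_edges(rows: List[str]) -> Set[Tuple[int, int, str]]:
    """Deduplicate the rows into a set of (source, target, image) edges."""
    return {parse_wpm_row(r) for r in rows}


def self_replacement_chains(edges: Set[Tuple[int, int, str]], renamed: Set[int],
                            dropped: Set[int], deleted: Set[int]) -> List[Dict]:
    """Edges where a process that renamed itself writes into a child that runs
    as a 'dropped EXE' and then deletes itself: the relocate-and-respawn pattern."""
    return [
        {"parent": src, "child": dst, "image": image}
        for (src, dst, image) in sorted(edges)
        if src in renamed and dst in dropped and dst in deleted
    ]


if __name__ == "__main__":
    regions = [parse_dump_name(n) for n in MEMORY_DUMPS]
    for r in regions:
        print(f"pid {r.pid}: 0x{r.base:X}-0x{r.end:X} size=0x{r.size:X} "
              f"ratio={packing_ratio(r, FILE_SIZE_BYTES):.2f}")
    print("same image mapped in both processes:", same_image_mapping(regions))
    print(self_replacement_chains(parent_child_edges(WPM_ROWS),
                                  RENAMES_ITSELF, EXECUTES_DROPPED, DELETES_ITSELF))
```

Run as-is and the two dumps resolve to a 0x46A000-byte image (about 4.6 MB) for a 1.3 MB file, a ratio of roughly 3.5, with one edge 4848 -> 2124 matching all three behavioural signatures. The ratio is a heuristic, not proof of packing on its own; here it agrees with the yara hit, which is the point of cross-checking the two.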
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: f8c2dbb175058ce636b2ef746bbf04f1
SHA1: f71a312c2ea63323e4631e36a1ec64c4d03ee58e
SHA256: 92abcc3fa2d378db1f2d81b877d6f17467592203b038f9eda3cf91b63bbd6c2e
SHA512: 65825429e5be7a19a31d96267998c45de51677f1c56af8998e6ad281da1e5cf95fbb0524b00d8f56ea0ed66403e02a04ce93a311afd570fa553f240bcaa88f6f