Analysis
- max time kernel: 135s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/03/2024, 16:19
Behavioral task behavioral1
- Sample: bbb4599beedabf0c14b01f19fe14c057.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: bbb4599beedabf0c14b01f19fe14c057.exe
- Resource: win10v2004-20240226-en
General
- Target: bbb4599beedabf0c14b01f19fe14c057.exe
- Size: 2.4MB
- MD5: bbb4599beedabf0c14b01f19fe14c057
- SHA1: 538718f6451e64b369b526c082d78c7455996813
- SHA256: ce3cbe036bb53dfb26eb997a791fb27459d3b1aaca76849d7b611e2d9a145a52
- SHA512: ccd54a45534ebd4d4cac475d0a4a97dbce169926afa6527b0d1c27b8e4c480f8b5ba9f1e3e4546e9c851874abee8f0fb5fbfa17c7dc8038f13594c325d8ce133
- SSDEEP: 49152:RkeLqVZnqmd5+9I8vOUOD+ixzqX9mQNP4M338dB2IBlGuuDVUsdxxjr:HL8bd5+9I8vDOD+dgg3gnl/IVUs1jr
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 4516, process bbb4599beedabf0c14b01f19fe14c057.exe
- Executes dropped EXE (1 IoCs)
  pid 4516, process bbb4599beedabf0c14b01f19fe14c057.exe
- Resources matched by yara_rule upx:
  behavioral2/memory/2728-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral2/files/0x000900000002324b-11.dat
  behavioral2/memory/4516-13-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2728, process bbb4599beedabf0c14b01f19fe14c057.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2728, process bbb4599beedabf0c14b01f19fe14c057.exe
  pid 4516, process bbb4599beedabf0c14b01f19fe14c057.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2728 wrote to memory of 4516; pid 2728; process bbb4599beedabf0c14b01f19fe14c057.exe; procid_target 96
  description: PID 2728 wrote to memory of 4516; pid 2728; process bbb4599beedabf0c14b01f19fe14c057.exe; procid_target 96
  description: PID 2728 wrote to memory of 4516; pid 2728; process bbb4599beedabf0c14b01f19fe14c057.exe; procid_target 96
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe"
  PID: 2728
  signatures:
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - [depth 2] C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
    command line: C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
    PID: 4516
    signatures:
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
- [depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5072 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
  PID: 3860
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.4MB
  MD5: 8de41a2568d5b5cc5473e78e218644ca
  SHA1: 60c0ab7ccb1f3e6549d3bf4e268c995babcc51ad
  SHA256: 01f8a6128111c26ec931900ca04ac8fe20109734839df669d30a92c287a3bd32
  SHA512: 395ca27e8b6c696fe5fd813c5334c6beab65c935dede465f62f21c75c2df2199d7c1ca9bad0eaa968203d1d03d5c5df2800658a47fc7d0a3e311ce4102e44d9e