Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/03/2024, 18:18
Behavioral task: behavioral1
Sample: bc7b7e679a5598f910b9fc68f897c4fc.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: bc7b7e679a5598f910b9fc68f897c4fc.exe
Resource: win10v2004-20240226-en
General
Target: bc7b7e679a5598f910b9fc68f897c4fc.exe
Size: 5.3MB
MD5: bc7b7e679a5598f910b9fc68f897c4fc
SHA1: 5856b4e7de854de30a7d5837c54a88a7215f3871
SHA256: 6e2a1e8a8d8777da63255e153e611ba2826b5b565b40d27500bb0c0ae2e1f573
SHA512: 467441176d4cc28aa1208ce0f798c0266fc71a8104989957eb1d8d17a336f4651d856e4ae398a4359f583ee317e72e5e271a4134ce0f338a0f2281ad6b5459fc
SSDEEP: 98304:sxNE4wL0HVRGst2HAutVBGubFAHFDpLgutGDYNbycHVRGst2HAutVBGubFAHj:s/En0zXtsAutVlZAXUutGDYUczXtsAu8
Malware Config
Signatures

Deletes itself (1 IoC)
  pid 2364  process bc7b7e679a5598f910b9fc68f897c4fc.exe

Executes dropped EXE (1 IoC)
  pid 2364  process bc7b7e679a5598f910b9fc68f897c4fc.exe

resource / yara_rule
  behavioral2/memory/3412-0-0x0000000000400000-0x00000000008E7000-memory.dmp  upx
  behavioral2/files/0x0009000000023040-11.dat  upx
  behavioral2/memory/2364-13-0x0000000000400000-0x00000000008E7000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoC)
  pid 3412  process bc7b7e679a5598f910b9fc68f897c4fc.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid 3412  process bc7b7e679a5598f910b9fc68f897c4fc.exe
  pid 2364  process bc7b7e679a5598f910b9fc68f897c4fc.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid   process                                 procid_target
  PID 3412 wrote to memory of 2364    3412  bc7b7e679a5598f910b9fc68f897c4fc.exe    89
  PID 3412 wrote to memory of 2364    3412  bc7b7e679a5598f910b9fc68f897c4fc.exe    89
  PID 3412 wrote to memory of 2364    3412  bc7b7e679a5598f910b9fc68f897c4fc.exe    89
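The yara_rule rows above report a hit named upx on the dropped .dat file and on the in-memory images of both PIDs. As an added example (not tria.ge output and not part of this report), the check below reads a PE file's section table and flags the section names that stock UPX leaves behind. The PE builder is a constructed, header-only image used only so the code runs offline; the function names are this example's own.

```python
import struct

IMAGE_FILE_HEADER_SIZE = 20   # COFF file header
SECTION_HEADER_SIZE = 40      # IMAGE_SECTION_HEADER


def pe_section_names(data: bytes) -> list[str]:
    """Parse the raw PE headers and return the section names in table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)      # NumberOfSections
    (opt_header_size,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    first_section = coff + IMAGE_FILE_HEADER_SIZE + opt_header_size
    names = []
    for i in range(num_sections):
        (raw,) = struct.unpack_from("<8s", data, first_section + i * SECTION_HEADER_SIZE)
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Cheap first pass: unmodified UPX names its sections UPX0/UPX1 (and keeps .rsrc)."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_test_pe(section_names: list[str]) -> bytes:
    """Constructed header-only PE32 image for offline testing; not a real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE header directly after the DOS header
    optional = bytes(224)                         # PE32 optional header; contents irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    sections = b""
    for i, name in enumerate(section_names):
        sections += struct.pack(
            "<8sIIIIIIHHI",
            name.encode("ascii").ljust(8, b"\0"),
            0x1000, 0x1000 * (i + 1),             # VirtualSize, VirtualAddress
            0x200, 0x400 * (i + 1),               # SizeOfRawData, PointerToRawData
            0, 0, 0, 0,                           # relocations / line numbers: none
            0x60000020,                           # code | executable | readable
        )
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    sample = build_test_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(sample), looks_upx_packed(sample))
```

Run it against the dropped file rather than the memory dumps: the dumps cover 0x400000-0x8E7000 of the mapped image, where the section table may already be gone. A renamed-section UPX build defeats the name check, which is why the content-based yara_rule hit on the page is the authoritative signal and this is only a triage shortcut.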
Processes
1⤵ C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe"
   PID: 3412
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2⤵ C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe
   command line: C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe
   PID: 2364
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
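The signature tables and the process tree record the same two PIDs from several angles: 3412 renames itself and writes into 2364 three times, 2364 runs from the same path, is flagged as a dropped EXE, unmaps its main image and deletes itself. As an added example (not tria.ge output and not part of this report), the Python below re-reads those rows, retyped here as constructed text with the report's own PIDs and image names, and folds them into one finding per writer/target pair. The field names and the escalation rule at the end are this example's own, not a tria.ge scoring rule.

```python
import re
from collections import defaultdict

# Constructed from this report's signature and process-tree rows (same PIDs, same image names).
WPM_ROWS = [
    "PID 3412 wrote to memory of 2364 3412 bc7b7e679a5598f910b9fc68f897c4fc.exe 89",
    "PID 3412 wrote to memory of 2364 3412 bc7b7e679a5598f910b9fc68f897c4fc.exe 89",
    "PID 3412 wrote to memory of 2364 3412 bc7b7e679a5598f910b9fc68f897c4fc.exe 89",
]
SIG_ROWS = [  # (signature, pid) from the "pid Process" tables
    ("Suspicious behavior: RenamesItself", 3412),
    ("Suspicious use of UnmapMainImage", 3412),
    ("Suspicious use of UnmapMainImage", 2364),
    ("Executes dropped EXE", 2364),
    ("Deletes itself", 2364),
]
PROCESSES = {  # pid -> (image path, parent pid); parent taken from tree depth (1 root, 2 child)
    3412: (r"C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe", None),
    2364: (r"C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe", 3412),
}

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_wpm(rows):
    """Count WriteProcessMemory events per (writer pid, target pid) pair."""
    counts = defaultdict(int)
    for row in rows:
        m = WPM_RE.match(row)
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        writer, target, pid_col = int(m[1]), int(m[2]), int(m[3])
        if writer != pid_col:  # description and pid column disagree: malformed export
            raise ValueError(f"writer pid mismatch in row: {row!r}")
        counts[(writer, target)] += 1
    return dict(counts)


def triage_writes(processes, wpm_rows, sig_rows):
    """Turn per-process signatures into one finding per cross-process write pair."""
    sigs = defaultdict(set)
    for name, pid in sig_rows:
        sigs[pid].add(name)
    findings = []
    for (writer, target), n in parse_wpm(wpm_rows).items():
        w_img, _ = processes[writer]
        t_img, t_parent = processes[target]
        f = {
            "writes": n,
            "direct_child": t_parent == writer,
            "same_image": w_img.lower() == t_img.lower(),
            "child_unmapped_main_image": "Suspicious use of UnmapMainImage" in sigs[target],
            "target_is_dropped_exe": "Executes dropped EXE" in sigs[target],
            "on_disk_cleanup": ("Deletes itself" in sigs[target]
                                or "Suspicious behavior: RenamesItself" in sigs[writer]),
        }
        # The combination worth escalating (this example's rule): a process launches a copy
        # of its own image, the copy unmaps its main image, and the parent writes into it.
        f["writes_into_own_relaunched_copy"] = (f["direct_child"] and f["same_image"]
                                                and f["child_unmapped_main_image"])
        findings.append((writer, target, f))
    return findings


if __name__ == "__main__":
    for writer, target, flags in triage_writes(PROCESSES, WPM_ROWS, SIG_ROWS):
        print(f"{writer} -> {target}: {flags}")
```

The three WriteProcessMemory rows are identical and the page counts them as three IoCs, so the parser keeps the count instead of deduplicating. The Downloads entry below carries its own hash set; compare it with the General hashes before treating the relaunched copy as byte-identical to the submitted sample.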
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 5.3MB
MD5: 528accb9c1623f5d36c0fcbf49889eef
SHA1: 0ebfa95e3efa353c63f50d585d6983edf938bef4
SHA256: cd3851a9a83cf0db82df989ba1fba4a5011af559c5edb1ce26aef1ea5ba6ad5d
SHA512: 677515d0b7dfab21d7a581aba1998742ea4bcbd704f1465602132992d98eabd7ca9b8e1c2aefc4842571ba6de45c65c2c4991281bf47dcb3d138c64de16bd356