Analysis
max time kernel: 93s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/03/2024, 03:02
Behavioral task: behavioral1
Sample: bd802f5a6036c0b884eeabbb2cfd7973.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: bd802f5a6036c0b884eeabbb2cfd7973.exe
Resource: win10v2004-20231215-en
General
Target: bd802f5a6036c0b884eeabbb2cfd7973.exe
Size: 2.7MB
MD5: bd802f5a6036c0b884eeabbb2cfd7973
SHA1: 0cfe5439721f8f4014b936adc0680e10b742f217
SHA256: 5f45eafd67a69f292f2abef051204ed531aeb41af96cd9c89c403383c6823459
SHA512: d4701770fa053bf2e33c0812e54a3a9e458f1758e109202451885adb58f0364d519dad74d18102c0ae28aba8f47b6f9761025690a6e9d020a666fc1b12e6530d
SSDEEP: 49152:EznAyE26+GRIeOeaA/ZVQh4fKWwkHkETaYSONmqMQOwBcfp:EjFBLYjO2gh4fKBkHPR7NtvOw2fp
Malware Config

Signatures

Deletes itself (1 IoCs)
pid  Process
5108 bd802f5a6036c0b884eeabbb2cfd7973.exe

Executes dropped EXE (1 IoCs)
pid  Process
5108 bd802f5a6036c0b884eeabbb2cfd7973.exe

resource                                                                  yara_rule
behavioral2/memory/3736-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
behavioral2/files/0x0008000000023208-11.dat                               upx
behavioral2/memory/5108-13-0x0000000000400000-0x00000000008EF000-memory.dmp upx

Suspicious behavior: RenamesItself (1 IoCs)
pid  Process
3736 bd802f5a6036c0b884eeabbb2cfd7973.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid  Process
3736 bd802f5a6036c0b884eeabbb2cfd7973.exe
5108 bd802f5a6036c0b884eeabbb2cfd7973.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid  Process                               procid_target
PID 3736 wrote to memory of 5108   3736 bd802f5a6036c0b884eeabbb2cfd7973.exe  86
PID 3736 wrote to memory of 5108   3736 bd802f5a6036c0b884eeabbb2cfd7973.exe  86
PID 3736 wrote to memory of 5108   3736 bd802f5a6036c0b884eeabbb2cfd7973.exe  86
Processes
- C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 3736
  - C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe (child of PID 3736)
    Command line: C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 5108
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB
MD5: 317283fa87f9bd12e798dd76ad3ff055
SHA1: 59b4bc416b526896f5c3bc98688936a9e043945e
SHA256: 8671073616d8863e1b4b719cce06132f4361f18d9de2e9597190ad72d0d8ffef
SHA512: 0a10915e8c9a05a0a3a7147ae8ad52919cf6652426df7ddc78dabf3072da80c6589a5ce4300aeb970c74eeab73b72d226b33fd305a0e5b8ef8ccf7e5b825c1c2