Analysis
max time kernel: 144s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 05:04
Behavioral task behavioral1
Sample: bfe98ccf1fe3f9c43af64cbf1dda9812.exe
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: bfe98ccf1fe3f9c43af64cbf1dda9812.exe
Resource: win10v2004-20240226-en
General
Target: bfe98ccf1fe3f9c43af64cbf1dda9812.exe
Size: 5.3MB
MD5: bfe98ccf1fe3f9c43af64cbf1dda9812
SHA1: 64cade40efbecb4544632361053b6dea231161da
SHA256: 6cc2d36569d8b62e94c88f958ff7bffa0a6ccaf2f2aa2045d2aae591565e1c13
SHA512: 36caae92fc0ca30aacf5bbb40e25ca510b0b9ff3cd683bceaf06ecbdfefd449b2bd328598e35f9084bea69df0adce2a9e5413c5cdff8e5084c2959e663719f74
SSDEEP: 98304:Q5PxIudMWRD6eiEtmBm5zBqX5EglAqrn5OIQiHBGn5HOMJesq4ArQP0YBqX5EglZ:QNx25eFLgOqrn5OoG59e2Am0+gOqrn5B
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2384  bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Executes dropped EXE (1 IoCs)
  pid   Process
  2384  bfe98ccf1fe3f9c43af64cbf1dda9812.exe

yara_rule upx (3 IoCs; the page does not carry the signature title for this block, only the rule name)
  resource                                                                     yara_rule
  behavioral2/memory/4852-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/files/0x000b000000016fa5-11.dat                                  upx
  behavioral2/memory/2384-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  4852  bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  4852  bfe98ccf1fe3f9c43af64cbf1dda9812.exe
  2384  bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 4852 wrote to memory of 2384  4852  bfe98ccf1fe3f9c43af64cbf1dda9812.exe  99
  PID 4852 wrote to memory of 2384  4852  bfe98ccf1fe3f9c43af64cbf1dda9812.exe  99
  PID 4852 wrote to memory of 2384  4852  bfe98ccf1fe3f9c43af64cbf1dda9812.exe  99
Processes
C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe  (depth 1, PID 4852)
  command line: "C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe  (depth 2, PID 2384, child of 4852)
    command line: C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 1, PID 1820; separate process tree, no signatures attached)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
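The signatures and process tree above describe one chain: PID 4852 launches a second copy of the same image (PID 2384), writes into that child's memory three times, and the child then deletes a file. The following is an added example, not part of the Triage report and not Hatching's code, showing how a triage script can pull that chain out of process telemetry. The Event shape and the sample events are constructed here from the PIDs and image paths in the report (the field names are assumptions, not a real sandbox export format); a same-image Edge parent/child pair is included as a benign control, because Chromium spawns same-image utility children routinely but does not write into them with WriteProcessMemory, which is why the rule requires the memory write and not just the self-spawn.

```python
"""
Flag the "spawn a copy of yourself, then write into it" chain the report
above shows for PIDs 4852 -> 2384.

Added example; not part of the Triage report. Event fields and the sample
events are constructed from the report's PIDs and image paths.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Event:
    """One telemetry record. Only the fields the rule needs are modelled."""
    kind: str                          # process_create | write_process_memory | file_delete
    pid: int                           # acting process
    image: str                         # acting process image path
    ppid: Optional[int] = None         # process_create only
    target_pid: Optional[int] = None   # write_process_memory only
    path: Optional[str] = None         # file_delete only


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed events modelled on the report: 4852 spawns 2384 from the same
# path, writes to its memory three times, and 2384 deletes a file. The Edge
# pair is a benign control: same image, no WriteProcessMemory. Parent PIDs
# 700 and 900 are placeholders, not taken from the report.
EVENTS = [
    Event("process_create", 4852, SAMPLE, ppid=700),
    Event("process_create", 2384, SAMPLE, ppid=4852),
    Event("write_process_memory", 4852, SAMPLE, target_pid=2384),
    Event("write_process_memory", 4852, SAMPLE, target_pid=2384),
    Event("write_process_memory", 4852, SAMPLE, target_pid=2384),
    Event("file_delete", 2384, SAMPLE, path=SAMPLE),
    Event("process_create", 1600, EDGE, ppid=900),
    Event("process_create", 1820, EDGE, ppid=1600),
]


def find_self_copy_injection(events: Iterable[Event]) -> list[dict]:
    """Return one finding per parent/child pair where the child runs the
    parent's own image AND the parent writes into the child's memory.
    A same-image spawn alone is not enough (browsers do it all the time);
    the cross-process write is what makes it look like hollowing/injection."""
    image_of: dict[int, str] = {}
    parent_of: dict[int, int] = {}
    writes: dict[tuple[int, int], int] = defaultdict(int)
    deleted_by: dict[int, set[str]] = defaultdict(set)

    for ev in events:
        image_of.setdefault(ev.pid, ev.image)
        if ev.kind == "process_create" and ev.ppid is not None:
            parent_of[ev.pid] = ev.ppid
        elif ev.kind == "write_process_memory" and ev.target_pid is not None:
            writes[(ev.pid, ev.target_pid)] += 1
        elif ev.kind == "file_delete" and ev.path:
            deleted_by[ev.pid].add(ev.path.lower())

    findings: list[dict] = []
    for child, parent in parent_of.items():
        parent_image = image_of.get(parent)
        if parent_image is None or parent_image.lower() != image_of[child].lower():
            continue  # not a self-copy
        n_writes = writes.get((parent, child), 0)
        if n_writes == 0:
            continue  # benign same-image spawn (e.g. Chromium children)
        findings.append({
            "parent_pid": parent,
            "child_pid": child,
            "image": image_of[child],
            "writes_into_child": n_writes,
            "files_deleted_by_child": sorted(deleted_by[child]),
        })
    return findings


if __name__ == "__main__":
    for finding in find_self_copy_injection(EVENTS):
        print(finding)
```

Run against the constructed events, the script reports exactly one pair (4852 -> 2384, three writes, one deletion by the child) and stays silent on the Edge pair. UnmapMainImage is not modelled because the report gives no per-event detail for it; if your telemetry exposes NtUnmapViewOfSection on the child's own image, adding it as a third condition tightens the rule further.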
Network
MITRE ATT&CK Matrix
Downloads
Dropped file (hashes differ from the submitted sample)
Filesize: 5.3MB
MD5: 76c9288e0573e6a408d1c6b28fb5811f
SHA1: 0a9a7dc7685ffda387e2d3487abb2274a05ded33
SHA256: f0f6e0aa5b525c0a68e90d2edfa73f440d8d0426cd38592333e5112957174cf4
SHA512: 31c69a21669fb3effd9a12d0f1dae8b75aa83ba539005eb62137ae3f00e6640a1dfb630325aaa66b98113842b1cc87b07806800c35c5788c4a05783e1bdfa43e