Analysis
- max time kernel: 153s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/03/2024, 07:15
Behavioral task: behavioral1
- Sample: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- Resource: win10v2004-20240226-en
General
- Target: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- Size: 11.7MB
- MD5: c02c34ad18127a3a1575f00ed7cb4b8b
- SHA1: 7353ea3dc1d11abadc831776322bcd09b65649e7
- SHA256: 55f43e1c4415e625aac76bb9891219a78cb5e440c2defd41fca9c9c894c94623
- SHA512: c33e92c559b6e884cd74c40100d4f7ee2927d49f81ac0a8172244b9c7b66095f86387540af59c42fe674dd38cfd7a74de9e697ade46855a3f5e1412dcc954b61
- SSDEEP: 196608:Z47XG9WCOeUW2WCH/Ao8YVQiWCOeUW2WC:ZUYdp2Fo92dp2
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 1524, Process: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- Executes dropped EXE (1 IoCs)
  pid: 1524, Process: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- YARA rule matches (resource, yara_rule)
  behavioral2/memory/5020-0-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
  behavioral2/files/0x001000000002324d-11.dat: upx
  behavioral2/memory/1524-13-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 5020, Process: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 5020, Process: c02c34ad18127a3a1575f00ed7cb4b8b.exe
  pid: 1524, Process: c02c34ad18127a3a1575f00ed7cb4b8b.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 5020 wrote to memory of 1524 | 5020 | c02c34ad18127a3a1575f00ed7cb4b8b.exe | 96
  PID 5020 wrote to memory of 1524 | 5020 | c02c34ad18127a3a1575f00ed7cb4b8b.exe | 96
  PID 5020 wrote to memory of 1524 | 5020 | c02c34ad18127a3a1575f00ed7cb4b8b.exe | 96
Processes
- C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe"
  PID: 5020
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe
    PID: 1524
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
  PID: 4796
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3.4MB
  MD5: 06ac1ef82bf3ac5000c3fd5f32d99ae4
  SHA1: 1b020840c86c2003c65de91610cc2e40e0fa4e9e
  SHA256: f63548d9fea3a55d0a70e2b12086b6ad5d575c753378dafd59d181e435b9bdcf
  SHA512: b2614a0dfa322869c07ac882ad7c5ae836e23f1953f27f7916a097373656a78b4694cd605d799ce421671398170f3bb79e694e3e9dec711d7ba9994ccbc80aff