Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/03/2024, 00:50
Static task: static1
Behavioral task: behavioral1
  Sample: c2093aa356c73e1126a984e3fe955a25.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c2093aa356c73e1126a984e3fe955a25.exe
  Resource: win10v2004-20240226-en
General
Target: c2093aa356c73e1126a984e3fe955a25.exe
Size: 82KB
MD5: c2093aa356c73e1126a984e3fe955a25
SHA1: 1df11f7bcf485334eab8dbcb191f683dd828089f
SHA256: da4e29012e1f00f329bcb913ffe8c13dee784e15506392c52d38dc8d3cfeba65
SHA512: ed8e8f4e644ac5bbace6c8c4159f610e467d3e55a3584983879d5ee19943e85c42c6a13208f6942e8631a22071b95a7762ca338b8ef1b9d62cdccf1aab439011
SSDEEP: 1536:J9/TdNivY1jLr9Rm+HXsm7YQTqFf0cj+JJpWgc6T+dAUyO3LcbwK+kNXsEJaJYHG:J9rflLJRccOFf0cyJHWgcdiOQbwKjXs1
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 4364  process c2093aa356c73e1126a984e3fe955a25.exe
Executes dropped EXE (1 IoCs)
  pid 4364  process c2093aa356c73e1126a984e3fe955a25.exe
Suspicious behavior: RenamesItself (1 IoCs)
  pid 3232  process c2093aa356c73e1126a984e3fe955a25.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3232  process c2093aa356c73e1126a984e3fe955a25.exe
  pid 4364  process c2093aa356c73e1126a984e3fe955a25.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3232 wrote to memory of 4364  pid 3232  process c2093aa356c73e1126a984e3fe955a25.exe  procid_target 99
  description: PID 3232 wrote to memory of 4364  pid 3232  process c2093aa356c73e1126a984e3fe955a25.exe  procid_target 99
  description: PID 3232 wrote to memory of 4364  pid 3232  process c2093aa356c73e1126a984e3fe955a25.exe  procid_target 99
Processes
1. C:\Users\Admin\AppData\Local\Temp\c2093aa356c73e1126a984e3fe955a25.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c2093aa356c73e1126a984e3fe955a25.exe"
   PID: 3232
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\c2093aa356c73e1126a984e3fe955a25.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\c2093aa356c73e1126a984e3fe955a25.exe
      PID: 4364
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
   PID: 4540
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: 245754720a2760d8930b531e90d99c94
SHA1: 21a6a672dc492be9a16c2544920f0d4a53c8b700
SHA256: 292a1be5b567b1bfd9be508f06e5696b29ae1f6b7e2582d01c17b75ff5585f23
SHA512: 69e9acddefdbdad1115fc64e8413f0118ed451c02da08a8d2cc16422e5222f571263fb43c7109dc43a3574b8d574ca4cd0384c3429c1f7d1d271c9c9f9f2c02d