Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/03/2024, 07:12
Static task: static1
Behavioral task: behavioral1
- Sample: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Resource: win10v2004-20240226-en
General
- Target: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Size: 82KB
- MD5: c2c3c7ff4226e8946d4d0f53cbffcfcc
- SHA1: 1cafc822b1262c673e604a243a85e1c8538d7175
- SHA256: b3f6b07791c5156687e0a130f69adda54665eedbb3bc1beaa2bec110a3204f55
- SHA512: 7093bb4938317f9d9d0c888b3c1a49fe86fdf749de83f3d9b16756686341e418f15fc571d41e38c341093b605242e9ea5e7d47e978330c0a0e6b6de71a986cd2
- SSDEEP: 1536:Q57oGu+AKj0Q+ehqg3V358nk61AcINGOSymckxBZcdP3uplujVkrVWfL8PRfsLjK:QKGdA83V3Kk62prAckxBZcSuBkWfL81H
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 2216, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Executes dropped EXE (1 IoCs)
  pid: 2216, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 2212, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2212, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
  pid: 2216, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2212 wrote to memory of 2216, pid: 2212, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, procid_target: 89
  description: PID 2212 wrote to memory of 2216, pid: 2212, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, procid_target: 89
  description: PID 2212 wrote to memory of 2216, pid: 2212, Process: c2c3c7ff4226e8946d4d0f53cbffcfcc.exe, procid_target: 89
Processes
- C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe"
  PID: 2212
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\c2c3c7ff4226e8946d4d0f53cbffcfcc.exe
    PID: 2216
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: db67f9ba0fd2f7fbd4e7899967b3b714
- SHA1: 6ef3c40b547b66680419c159410dac3bbcecc293
- SHA256: c294cd155fc56b774940351f58ccf78b56380927c68527478f8cbf260ac4ddbe
- SHA512: 9816e93a235a163d095b9406de35c2773d6629faa2400a293091c6cc929bb64215645257601ae0f0e158c96a54211e0f5f8f285ecbc49780d49c7908078601b4