Analysis
Max time kernel: 116s
Max time network: 127s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 13/03/2024, 18:53
Static task: static1
Behavioral task: behavioral1
  Sample: c69f57d48b40ab2c6220b156382071f1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c69f57d48b40ab2c6220b156382071f1.exe
  Resource: win10v2004-20231215-en
General
Target: c69f57d48b40ab2c6220b156382071f1.exe
Size: 771KB
MD5: c69f57d48b40ab2c6220b156382071f1
SHA1: 5256a7ded96a486cd192f57f6a4cd8dd813da2ea
SHA256: aaf83ade0ba562370bce77e7b00ee001ad593279aeebe49bf8f53c575e55d2f3
SHA512: d556fd6ebfbb3659650832ecc5f8532a6c4795c0f2932986bb052d1f5ff89bdc1a152d9cc87cb0e98789de13ad6d9e92657ee767603b9287e831c99e9a8510e7
SSDEEP: 24576:V0tpGQqm0trrCjnT5X7PyEBz24PkJtE1VPB:HrK5XLyWTkJy1VZ
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 2636, process c69f57d48b40ab2c6220b156382071f1.exe
Executes dropped EXE (1 IoC)
  pid 2636, process c69f57d48b40ab2c6220b156382071f1.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 6: pastebin.com
  flow 15: pastebin.com
Suspicious behavior: RenamesItself (1 IoC)
  pid 3300, process c69f57d48b40ab2c6220b156382071f1.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3300, process c69f57d48b40ab2c6220b156382071f1.exe
  pid 2636, process c69f57d48b40ab2c6220b156382071f1.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3300 wrote to memory of 2636; pid 3300, process c69f57d48b40ab2c6220b156382071f1.exe, procid_target 85
  description: PID 3300 wrote to memory of 2636; pid 3300, process c69f57d48b40ab2c6220b156382071f1.exe, procid_target 85
  description: PID 3300 wrote to memory of 2636; pid 3300, process c69f57d48b40ab2c6220b156382071f1.exe, procid_target 85
Processes
1. C:\Users\Admin\AppData\Local\Temp\c69f57d48b40ab2c6220b156382071f1.exe (PID 3300)
   Command line: "C:\Users\Admin\AppData\Local\Temp\c69f57d48b40ab2c6220b156382071f1.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\c69f57d48b40ab2c6220b156382071f1.exe (PID 2636, child of PID 3300)
      Command line: C:\Users\Admin\AppData\Local\Temp\c69f57d48b40ab2c6220b156382071f1.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
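The signature and process sections above describe one shape worth recognising on sight: the sample (PID 3300) launches a second instance of its own image (PID 2636), writes into that child's memory, both processes have their main image unmapped, and the child then runs a dropped EXE and deletes itself while two flows go to pastebin.com. The helper below, added here as an illustration and not part of tria.ge or of this report, turns that into three checks run over data hand-constructed from this page. The tuple field layout, the function names and the ABUSED_HOSTING list are this example's own assumptions, not tria.ge's schema.

```python
"""Triage helper for the self-injection pattern shown in this report.

Added example, not tria.ge code. Every input below is hand-constructed from
the Signatures, Processes and Network entries on this page; the (signature,
pid, target) tuple layout is an assumption of this example, not tria.ge's
export format.
"""
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\c69f57d48b40ab2c6220b156382071f1.exe"

# Process tree: pid -> (image path, parent pid). Constructed from the page.
PROCESSES = {
    3300: (SAMPLE, None),
    2636: (SAMPLE, 3300),
}

# Behavioural signatures as (signature, pid, target_pid). Constructed from the
# page; tria.ge lists the WriteProcessMemory IoC three times, kept here as-is.
SIGNATURES = [
    ("RenamesItself", 3300, None),
    ("UnmapMainImage", 3300, None),
    ("UnmapMainImage", 2636, None),
    ("WriteProcessMemory", 3300, 2636),
    ("WriteProcessMemory", 3300, 2636),
    ("WriteProcessMemory", 3300, 2636),
    ("Deletes itself", 2636, None),
    ("Executes dropped EXE", 2636, None),
]

# Network flows as (flow id, hostname). Constructed from the page.
FLOWS = [(6, "pastebin.com"), (15, "pastebin.com")]

# Legitimate hosting services that are routinely abused to stage payloads or
# C2 configuration. Assumed list for this example.
ABUSED_HOSTING = {"pastebin.com"}


def find_self_injection(processes, signatures):
    """Return (parent, child) pairs with the self-injection shape: the parent
    spawns a child from the same image, writes into the child's memory, and
    the child's main image is unmapped."""
    wrote_to = defaultdict(set)
    unmapped = set()
    for sig, pid, target in signatures:
        if sig == "WriteProcessMemory" and target is not None:
            wrote_to[pid].add(target)
        elif sig == "UnmapMainImage":
            unmapped.add(pid)
    hits = []
    for child, (image, parent) in processes.items():
        if parent is None:
            continue
        parent_image = processes[parent][0]
        same_image = image.lower() == parent_image.lower()
        if same_image and child in wrote_to[parent] and child in unmapped:
            hits.append((parent, child))
    return hits


def child_cleans_up(pid, signatures):
    """True when a process both runs a dropped EXE and deletes itself, i.e.
    the file it ran from will not be on disk for later collection."""
    sigs = {s for s, p, _ in signatures if p == pid}
    return {"Deletes itself", "Executes dropped EXE"} <= sigs


def abused_hosting_flows(flows, abused=ABUSED_HOSTING):
    """Return the ids of flows that went to an abused hosting service."""
    return sorted(f for f, host in flows if host.lower() in abused)


def triage(processes=PROCESSES, signatures=SIGNATURES, flows=FLOWS):
    """Combine the three checks into one verdict dict."""
    pairs = find_self_injection(processes, signatures)
    return {
        "self_injection": pairs,
        "child_self_deletes": [c for _, c in pairs if child_cleans_up(c, signatures)],
        "abused_hosting_flows": abused_hosting_flows(flows),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The same-image check matters: a parent writing into a child it spawned from a different binary is a common injection shape too, but a child with the same path whose main image is unmapped is the signature of the sample re-launching itself as a hollow host, which is why the three IoCs are read together rather than one at a time. The self-delete check explains why the Downloads entry below, not the original on disk, is what you would pull for further analysis.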
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 771KB
MD5: 6bb3a2fe4e7ed5309639fdc913ebb5e8
SHA1: 1b581d50ae6149bb945be07e55874cb05fd86608
SHA256: b52198fc723022e5224fa2ca404228426d988f94e0a90d7bf72cec5acf3ccd17
SHA512: 9b0fc97198700072a5b966759c6ad859652d4f05b9ca726ae49a4a457ac4ca04bccc8ae53c68a2970611f03baef5047993ac5d6aa1ac9bfe54e8c08d1dffd9f0
Note: this file is the same size as the submitted sample (771KB) but none of its hashes match the sample's, so it is not a byte-identical copy.