Analysis
max time kernel: 147s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/03/2024, 20:51
Behavioral task behavioral1
Sample: c6d49f449b9ada17ff8b41351f3abd2b.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: c6d49f449b9ada17ff8b41351f3abd2b.exe
Resource: win10v2004-20240226-en
General
Target: c6d49f449b9ada17ff8b41351f3abd2b.exe
Size: 2.9MB
MD5: c6d49f449b9ada17ff8b41351f3abd2b
SHA1: 40d18cab809c17449bfc1e844923017043fdfc2e
SHA256: 823b67d0e311b371e11ca00a5e9cf35dfb92a81694890055ccb16cf1b1be9b73
SHA512: 0e007bb996c660ed17979e64d7c7577b4b63f2c82965d50d610ff840971336677788fb7732e4cd3ef40999383f1906b9980d0064fc7720c76644c9d4434f0d88
SSDEEP: 49152:m7ixkP+EeK1cV0uVZok3OcORLHWEGM59Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:m7EEeK1Vookk2EGgHau42c1joCjMPkNQ
Malware Config
Signatures
Deletes itself (1 IoC)
pid 1896  process c6d49f449b9ada17ff8b41351f3abd2b.exe

Executes dropped EXE (1 IoC)
pid 1896  process c6d49f449b9ada17ff8b41351f3abd2b.exe

YARA rule match: upx (3 IoCs)
resource                                                                     yara_rule
behavioral2/memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
behavioral2/files/0x00080000000231fd-11.dat                                  upx
behavioral2/memory/1896-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoC)
pid 2148  process c6d49f449b9ada17ff8b41351f3abd2b.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid 2148  process c6d49f449b9ada17ff8b41351f3abd2b.exe
pid 1896  process c6d49f449b9ada17ff8b41351f3abd2b.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   process                                  procid_target
PID 2148 wrote to memory of 1896     2148  c6d49f449b9ada17ff8b41351f3abd2b.exe     86
PID 2148 wrote to memory of 1896     2148  c6d49f449b9ada17ff8b41351f3abd2b.exe     86
PID 2148 wrote to memory of 1896     2148  c6d49f449b9ada17ff8b41351f3abd2b.exe     86
Processes
C:\Users\Admin\AppData\Local\Temp\c6d49f449b9ada17ff8b41351f3abd2b.exe  (PID 2148)
  command line: "C:\Users\Admin\AppData\Local\Temp\c6d49f449b9ada17ff8b41351f3abd2b.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  └ C:\Users\Admin\AppData\Local\Temp\c6d49f449b9ada17ff8b41351f3abd2b.exe  (PID 1896, child of 2148)
    command line: C:\Users\Admin\AppData\Local\Temp\c6d49f449b9ada17ff8b41351f3abd2b.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
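The process tree above (parent 2148 renames itself, drops a copy at its own path, spawns it as 1896 and writes into its memory three times; 1896 then deletes its own image) is a pattern a hunter should correlate rather than alert on any single API call. The Python below is an added example, not tria.ge's signature code and not anything from the sample: it replays a constructed event stream modelled on the PIDs, paths and calls shown on this page and reproduces the same signature hits plus a combined verdict. The event format, the rename destination (`.bak`), the parent PID of 2148, and modelling "UnmapMainImage" as NtUnmapViewOfSection against the caller's own process are all assumptions made for illustration.

```python
"""Correlate sandbox events into the behaviours reported on this page.

The rule logic is illustrative; it is not Hatching Triage's signature engine.
"""
from collections import Counter, defaultdict

IMG = r"C:\Users\Admin\AppData\Local\Temp\c6d49f449b9ada17ff8b41351f3abd2b.exe"

# Constructed event stream modelled on the report (not an export from tria.ge).
# Ordering follows the page: 2148 renames itself, drops a new copy at the
# original path, spawns it, writes into it three times; 1896 then runs and
# deletes its own image. ppid 1200 and the ".bak" rename target are hypothetical.
EVENTS = [
    {"ev": "process_start", "pid": 2148, "ppid": 1200, "image": IMG},
    {"ev": "file_rename",   "pid": 2148, "src": IMG, "dst": IMG + ".bak"},
    {"ev": "file_write",    "pid": 2148, "path": IMG},
    {"ev": "process_start", "pid": 1896, "ppid": 2148, "image": IMG},
    {"ev": "api", "pid": 2148, "api": "WriteProcessMemory", "target": 1896},
    {"ev": "api", "pid": 2148, "api": "WriteProcessMemory", "target": 1896},
    {"ev": "api", "pid": 2148, "api": "WriteProcessMemory", "target": 1896},
    # "UnmapMainImage" modelled as NtUnmapViewOfSection on the caller's own process.
    {"ev": "api", "pid": 2148, "api": "NtUnmapViewOfSection", "target": 2148},
    {"ev": "api", "pid": 1896, "api": "NtUnmapViewOfSection", "target": 1896},
    {"ev": "file_delete",   "pid": 1896, "path": IMG},
]


def correlate(events):
    """Walk the trace once and return {rule_name: sorted evidence}."""
    image = {}          # pid -> image path
    parent = {}         # pid -> ppid
    written = set()     # lower-cased paths created/written during the run
    hits = defaultdict(set)
    wpm = Counter()     # (writer pid, target pid) -> call count

    for e in events:
        kind = e["ev"]
        if kind == "process_start":
            image[e["pid"]] = e["image"]
            parent[e["pid"]] = e["ppid"]
            # Executes dropped EXE: the image was produced earlier in this trace.
            if e["image"].lower() in written:
                hits["ExecutesDroppedEXE"].add(e["pid"])
        elif kind == "file_write":
            written.add(e["path"].lower())
        elif kind == "file_rename":
            # RenamesItself: the source is the caller's own image path.
            if e["src"].lower() == image.get(e["pid"], "").lower():
                hits["RenamesItself"].add(e["pid"])
        elif kind == "file_delete":
            # DeletesItself: the deleted path is the caller's own image path.
            if e["path"].lower() == image.get(e["pid"], "").lower():
                hits["DeletesItself"].add(e["pid"])
        elif kind == "api" and e["api"] == "WriteProcessMemory":
            src, dst = e["pid"], e["target"]
            # Only count writes into a direct child that shares the writer's image.
            if parent.get(dst) == src and image.get(src) == image.get(dst):
                wpm[(src, dst)] += 1
        elif kind == "api" and e["api"] == "NtUnmapViewOfSection":
            if e["target"] == e["pid"]:
                hits["UnmapMainImage"].add(e["pid"])

    out = {k: sorted(v) for k, v in hits.items()}
    out["WriteProcessMemoryToSameImageChild"] = sorted(
        (s, d, n) for (s, d), n in wpm.items()
    )
    return out


def is_self_replacement(findings):
    """Combined verdict: a parent that unmaps its own image and writes into a
    same-image child which then deletes its own file. All three must be present."""
    pairs = findings.get("WriteProcessMemoryToSameImageChild", [])
    return any(
        s in findings.get("UnmapMainImage", []) and d in findings.get("DeletesItself", [])
        for s, d, _ in pairs
    )


if __name__ == "__main__":
    found = correlate(EVENTS)
    for name, evidence in sorted(found.items()):
        print(f"{name}: {evidence}")
    print("self-replacement pattern:", is_self_replacement(found))
```

The individual rules are noisy on their own (installers rename and delete themselves; debuggers call WriteProcessMemory), which is why the verdict function requires the unmap, the same-image write and the self-delete together before it fires.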
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.9MB
MD5: 50d2b73931cbb1df678345f361db7d53
SHA1: 3b7dd53821e6e57708c6ac25527fca5fad5ac33d
SHA256: b7d90ca136a83d4c03ff2158e4f1d56fe469d5a491bd6f073d6e21e738d86b62
SHA512: 4a6e162d0e1e5b621ee8c7cd736f8f816e78029d41502b4413dbad7b7ba9f6589a09ced4a185528c1ff3acc59303d8a75e9859e8b8725abee5749499231de9cf
Note: these hashes differ from the submitted sample's even though the size matches, so this is a distinct on-disk artifact and should be tracked as its own IoC rather than assumed to be covered by the sample's hashes.