Analysis
max time kernel: 151s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/03/2024, 10:27
Static task: static1
Behavioral task: behavioral1
  Sample: cb2b741dff079360a24529cb60af0266.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cb2b741dff079360a24529cb60af0266.exe
  Resource: win10v2004-20240226-en
General
Target: cb2b741dff079360a24529cb60af0266.exe
Size: 385KB
MD5: cb2b741dff079360a24529cb60af0266
SHA1: 6aa30ab806f3fc6a100e4a4532e5a9c0d40e5b52
SHA256: e25bd552bee64be42bb47e3c5e9185cc2ed6f9864a2d1b8b81741f460ae2e27c
SHA512: 46a2a3b5be453d6fa361945d9cfd8bf45a85ce04fddcbec426f4ec359570668a0fcb96babf81001e7e04f1e7dbf9e8dc27cdad5a7cdfeb2942147640883555b0
SSDEEP: 6144:Zp8y7aAlXQnIy5kFp4JeV9bT9eHnc6irLTwaEvzRY1/7cv19dCYQ2c7mLYm1A91Z:Z+pY4Jpir4xW1/Yd2YLSS9ongoB
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 796  process cb2b741dff079360a24529cb60af0266.exe
Executes dropped EXE (1 IoCs)
  pid 796  process cb2b741dff079360a24529cb60af0266.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 25  ioc pastebin.com
  flow 27  ioc pastebin.com
Suspicious behavior: RenamesItself (1 IoCs)
  pid 3496  process cb2b741dff079360a24529cb60af0266.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3496  process cb2b741dff079360a24529cb60af0266.exe
  pid 796   process cb2b741dff079360a24529cb60af0266.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3496 wrote to memory of 796  pid 3496  process cb2b741dff079360a24529cb60af0266.exe  procid_target 97
  description: PID 3496 wrote to memory of 796  pid 3496  process cb2b741dff079360a24529cb60af0266.exe  procid_target 97
  description: PID 3496 wrote to memory of 796  pid 3496  process cb2b741dff079360a24529cb60af0266.exe  procid_target 97
Processes
1. C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe"
   PID: 3496
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe (child of 1)
      command line: C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe
      PID: 796
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
   PID: 3872
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: ce4aca7c8e663096159b781a06c63875
SHA1: 45df448d6169d75c1c39c223d45d334c0d06e7e9
SHA256: 8dc710d267a3486ae8e8b59dca947ae2071c001ace4e32dde5017e91c44482d3
SHA512: 33fafccd36938e48f843124d125d0293d2cee739f0af50c363e1381141cd72e81a89202419d8e937157bc7b54341ee3b44ab0f44ac25777c7700cbd0d999dec3