Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
- submitted: 19/03/2024, 03:04
Static task: static1
Behavioral task: behavioral1
- Sample: d50c6aad7ff9b2fb4bee19481147710d.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: d50c6aad7ff9b2fb4bee19481147710d.exe
- Resource: win10v2004-20240226-en
General
- Target: d50c6aad7ff9b2fb4bee19481147710d.exe
- Size: 82KB
- MD5: d50c6aad7ff9b2fb4bee19481147710d
- SHA1: 323f034ae848f41115574d7469761e8cb6a106c8
- SHA256: 60cba2f56dc8b161d94949f67d466d283ab7014397c275bd6d5dc23b79115811
- SHA512: 88f262d4920d232bbe651f38081babb7fb8fca23e31dabc7ec0ba79d0f996b0b61af038dd0ebec3ad9aff252e4bc6b015295e9e8ae206e682db65dabb41678f4
- SSDEEP: 1536:q6pz9ZO9xLtxN6VCIzsW8bOIlFBWeaWlifbM:q+q91tj6fzsVrBVBko
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 4980, Process: d50c6aad7ff9b2fb4bee19481147710d.exe
- Executes dropped EXE (1 IoCs)
  pid: 4980, Process: d50c6aad7ff9b2fb4bee19481147710d.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 1912, Process: d50c6aad7ff9b2fb4bee19481147710d.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid: 1912, Process: d50c6aad7ff9b2fb4bee19481147710d.exe
  pid: 4980, Process: d50c6aad7ff9b2fb4bee19481147710d.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1912 wrote to memory of 4980, pid: 1912, Process: d50c6aad7ff9b2fb4bee19481147710d.exe, procid_target: 90
  description: PID 1912 wrote to memory of 4980, pid: 1912, Process: d50c6aad7ff9b2fb4bee19481147710d.exe, procid_target: 90
  description: PID 1912 wrote to memory of 4980, pid: 1912, Process: d50c6aad7ff9b2fb4bee19481147710d.exe, procid_target: 90
Processes
- C:\Users\Admin\AppData\Local\Temp\d50c6aad7ff9b2fb4bee19481147710d.exe "C:\Users\Admin\AppData\Local\Temp\d50c6aad7ff9b2fb4bee19481147710d.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 1912
  - C:\Users\Admin\AppData\Local\Temp\d50c6aad7ff9b2fb4bee19481147710d.exe C:\Users\Admin\AppData\Local\Temp\d50c6aad7ff9b2fb4bee19481147710d.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 4980
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
- MD5: 318bdcc9b543cc9694c19dc3f359592e
- SHA1: 0980e6a85f699d6c085ddff312b476ea3ebd1cf8
- SHA256: a0168d6807441e9928e8f1f1a70beec0e1de7a0c90e9e6487f0f571a2109e370
- SHA512: af52404de7a51ef67bff8129e73a560442755a9e3e8ec5f0f450771eba26e127e05aab2cc439668460e7987238dedf304ba1763d51bd7c62f87043aae1a54b8b