Analysis
  max time kernel: 149s
  max time network: 152s
  platform: windows10-2004_x64
  resource: win10v2004-20240226-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 19/03/2024, 19:45
Behavioral tasks
  behavioral1: sample d6f71a2259cdccd72bd1d1f5c6b80bde.exe, resource win7-20240319-en
  behavioral2: sample d6f71a2259cdccd72bd1d1f5c6b80bde.exe, resource win10v2004-20240226-en
  (all signatures, memory dumps and process data on this page come from behavioral2)
General
  Target: d6f71a2259cdccd72bd1d1f5c6b80bde.exe
  Size: 1.5MB
  MD5: d6f71a2259cdccd72bd1d1f5c6b80bde
  SHA1: 66bfeaee0e2687be1a23ff395e8a3f3907e1838d
  SHA256: a41516a076e57cbaa454ee3cb1598cda04605638301dab909086dbe592708394
  SHA512: bb85da4e0222b00cf779b11bd3d93a5ac9162b8e1fb08fd86249d22093b3c78c51ecac256c8d6feaf962a8551204ac2110b881c7ecbc7b4d7be5ada616428d2d
  SSDEEP: 24576:RKZ34vK/gpFavxr3tiif1XWYaqnJpHhtYMjPoz4nJXhIbf/5yL+M0W:RMIve8Fto1QqltYFz4nHIQ6M0
Malware Config
Signatures
  Deletes itself (1 IoC)
    pid 4948  d6f71a2259cdccd72bd1d1f5c6b80bde.exe
  Executes dropped EXE (1 IoC)
    pid 4948  d6f71a2259cdccd72bd1d1f5c6b80bde.exe
  yara rule "upx" matched (3 resources)
    behavioral2/memory/3936-0-0x0000000000400000-0x00000000008EF000-memory.dmp
    behavioral2/files/0x0010000000023128-11.dat
    behavioral2/memory/4948-13-0x0000000000400000-0x00000000008EF000-memory.dmp
  Suspicious behavior: RenamesItself (1 IoC)
    pid 3936  d6f71a2259cdccd72bd1d1f5c6b80bde.exe
  Suspicious use of UnmapMainImage (2 IoCs)
    pid 3936  d6f71a2259cdccd72bd1d1f5c6b80bde.exe
    pid 4948  d6f71a2259cdccd72bd1d1f5c6b80bde.exe
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                          pid   Process                                procid_target
    PID 3936 wrote to memory of 4948     3936  d6f71a2259cdccd72bd1d1f5c6b80bde.exe   88
    PID 3936 wrote to memory of 4948     3936  d6f71a2259cdccd72bd1d1f5c6b80bde.exe   88
    PID 3936 wrote to memory of 4948     3936  d6f71a2259cdccd72bd1d1f5c6b80bde.exe   88
Processes
  1. C:\Users\Admin\AppData\Local\Temp\d6f71a2259cdccd72bd1d1f5c6b80bde.exe  (PID 3936)
     command line: "C:\Users\Admin\AppData\Local\Temp\d6f71a2259cdccd72bd1d1f5c6b80bde.exe"
     - Suspicious behavior: RenamesItself
     - Suspicious use of UnmapMainImage
     - Suspicious use of WriteProcessMemory
     2. C:\Users\Admin\AppData\Local\Temp\d6f71a2259cdccd72bd1d1f5c6b80bde.exe  (PID 4948, child of 3936)
        command line: C:\Users\Admin\AppData\Local\Temp\d6f71a2259cdccd72bd1d1f5c6b80bde.exe
        - Deletes itself
        - Executes dropped EXE
        - Suspicious use of UnmapMainImage
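The process tree and the WriteProcessMemory / UnmapMainImage signatures together describe one pattern: a process spawns a second copy of its own image, writes into that child's memory, and the child then runs the dropped payload and deletes the original. The following is an added detection example (not tria.ge code or output): it correlates per-process events into that pattern. The event lines are constructed to mirror the report's fields (pid, parent pid, image path, write source/target, behaviour flags); the root parent pid 1000 and the explorer/notepad pair are assumptions added for contrast.

```python
"""Correlate process events into a same-image self-injection alert.

Added example for this report page; not tria.ge code. The events below are
constructed to mirror the fields in the report's Signatures and Processes
sections. The root parent pid 1000 and the two benign processes are assumed
for contrast and do not appear in the report.
"""
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    flags: set = field(default_factory=set)
    wrote_to: list = field(default_factory=list)  # one target pid per WriteProcessMemory event


# Constructed event log (not sandbox output). One event per line: KIND key=value ...
EVENTS = r"""
CREATE pid=3936 ppid=1000 image=C:\Users\Admin\AppData\Local\Temp\d6f71a2259cdccd72bd1d1f5c6b80bde.exe
CREATE pid=4948 ppid=3936 image=C:\Users\Admin\AppData\Local\Temp\d6f71a2259cdccd72bd1d1f5c6b80bde.exe
WRITE src=3936 dst=4948
WRITE src=3936 dst=4948
WRITE src=3936 dst=4948
FLAG pid=3936 name=RenamesItself
FLAG pid=3936 name=UnmapMainImage
FLAG pid=4948 name=UnmapMainImage
FLAG pid=4948 name=ExecutesDroppedEXE
FLAG pid=4948 name=DeletesItself
CREATE pid=5000 ppid=1000 image=C:\Windows\explorer.exe
CREATE pid=5001 ppid=5000 image=C:\Windows\System32\notepad.exe
WRITE src=5000 dst=5001
"""


def parse_events(text: str) -> dict:
    """Build a pid -> Proc map from the KIND key=value event lines."""
    procs = {}
    for line in text.strip().splitlines():
        kind, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        if kind == "CREATE":
            pid = int(fields["pid"])
            procs[pid] = Proc(pid, int(fields["ppid"]), fields["image"])
        elif kind == "WRITE":
            procs[int(fields["src"])].wrote_to.append(int(fields["dst"]))
        elif kind == "FLAG":
            procs[int(fields["pid"])].flags.add(fields["name"])
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return procs


def find_self_injection(procs: dict) -> list:
    """Flag every parent that spawned a child from the same image path and then
    wrote into the child's memory. UnmapMainImage on either side and
    DeletesItself on the child raise the score; a cross-image write alone
    (explorer -> notepad above) is not reported by this rule."""
    hits = []
    for child in procs.values():
        parent = procs.get(child.ppid)
        if parent is None:
            continue
        writes = parent.wrote_to.count(child.pid)
        if writes == 0 or parent.image.lower() != child.image.lower():
            continue
        unmapped = "UnmapMainImage" in (parent.flags | child.flags)
        score = 1 + (2 if unmapped else 0) + (1 if "DeletesItself" in child.flags else 0)
        hits.append({
            "parent": parent.pid,
            "child": child.pid,
            "image": child.image,
            "writes": writes,
            "unmap_main_image": unmapped,
            "score": score,
        })
    return hits


if __name__ == "__main__":
    for hit in find_self_injection(parse_events(EVENTS)):
        print(hit)
```

Counting the write events rather than deduplicating them preserves the "3 IoCs" the report shows for the same source/target pair; in real telemetry the count, the same-image relationship, and the unmap flag are what separate this from an ordinary parent writing to a child it legitimately controls.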
Network
MITRE ATT&CK Matrix
Downloads
  File (1.5MB; hashes differ from the submitted sample)
    MD5: c5eb08b2d4ecc567666dc0e5d3d20495
    SHA1: 6ae4d3035dd0231b2d288808978809f4aed6928b
    SHA256: 9dd5bef2960bb3a7c3eaca7378f6f4dd41fd993c23f2884b2164eea269a016ae
    SHA512: 5cc8a6cb9d8fab753cac9b5a02ba9580499b74270bff7f558ed5b8a922d16985748ee8f0f38a50b25c83afff3b5864097dbf17ce1bc27db8cb2bf025619a2089