Analysis
max time kernel: 137s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/03/2024, 09:56
Behavioral task: behavioral1
Sample: dee17e6ac122e857bf727ea820dc115a.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: dee17e6ac122e857bf727ea820dc115a.exe
Resource: win10v2004-20240226-en
General
Target: dee17e6ac122e857bf727ea820dc115a.exe
Size: 1.3MB
MD5: dee17e6ac122e857bf727ea820dc115a
SHA1: 7ecbe947a154823796f3329215df5e25813898a3
SHA256: 30f4f39a0cfa3773c60f345606b22775fef4e1e2b580aab6fd96ff437c2ec05b
SHA512: 44a98b0f3e77703beeaaaa5254d103dcff9b979fd27d3988b807567a7bc3e61ce84aee0305bbf3a574639c56804d5556bef81a667ba275a8909cd29b658fb610
SSDEEP: 24576:ZQ4W91KZ8WdBJZPW4jReGP1zGeQZONCl1bwHskyS5juTrc6PIEKvG:QGZ8EBPPLlek1JU8CyuTrc6PI
Malware Config

Signatures

Deletes itself (1 IoCs)
pid | Process
772 | dee17e6ac122e857bf727ea820dc115a.exe

Executes dropped EXE (1 IoCs)
pid | Process
772 | dee17e6ac122e857bf727ea820dc115a.exe

resource | yara_rule
behavioral2/memory/3564-0-0x0000000000400000-0x000000000086A000-memory.dmp | upx
behavioral2/files/0x00020000000227ea-13.dat | upx
behavioral2/memory/772-15-0x0000000000400000-0x000000000086A000-memory.dmp | upx

Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
3564 | dee17e6ac122e857bf727ea820dc115a.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
3564 | dee17e6ac122e857bf727ea820dc115a.exe
772 | dee17e6ac122e857bf727ea820dc115a.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3564 wrote to memory of 772 | 3564 | dee17e6ac122e857bf727ea820dc115a.exe | 97
PID 3564 wrote to memory of 772 | 3564 | dee17e6ac122e857bf727ea820dc115a.exe | 97
PID 3564 wrote to memory of 772 | 3564 | dee17e6ac122e857bf727ea820dc115a.exe | 97
Processes

C:\Users\Admin\AppData\Local\Temp\dee17e6ac122e857bf727ea820dc115a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\dee17e6ac122e857bf727ea820dc115a.exe"
  PID: 3564
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\dee17e6ac122e857bf727ea820dc115a.exe (child of PID 3564)
    Command line: C:\Users\Admin\AppData\Local\Temp\dee17e6ac122e857bf727ea820dc115a.exe
    PID: 772
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
  PID: 4988
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1.1MB
MD5: 4d654e7245b172233237006782477409
SHA1: a8240120d859583b7975521ab3d568d92dd699ba
SHA256: 4c0a05d7010d46735eda6d36eb0790d86b02a777b9ce7dd5e6ef20311c209109
SHA512: 56d1fb72fd2cb637a784d6fc713bbf0072ed0dab84a9c21a6c1c352d424a3cddefcafdb97336ba24e2a4ed226d84d2d87649bd5ac6a768a48130d7e0a033fe03