Analysis
- max time kernel: 92s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/03/2024, 00:08
Static task: static1
Behavioral task: behavioral1
- Sample: e04c28e28ec9f140c53278c33006b401.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: e04c28e28ec9f140c53278c33006b401.exe
- Resource: win10v2004-20231215-en
General
- Target: e04c28e28ec9f140c53278c33006b401.exe
- Size: 82KB
- MD5: e04c28e28ec9f140c53278c33006b401
- SHA1: f3d811ed112c02718c877aa3d3efdf8f9e3c95c8
- SHA256: 2e39e192b195f4a2b4fb4796575e77a954bb609caae712fc91d34b8d27d4eda3
- SHA512: 4ab4f434f5ddbafff23ac27da149c9f16fbe1ab8a4a0d4cf25dfcfa33c664baea8561a926df3fbd15f53d378e02d0ab27d574c9dfb0aefb79467dbb876a78eb2
- SSDEEP: 1536:9ErgYAJNje7rSFGf2dRYGdN5Bd9BD4qQ1d44P41gPIYc3qAKpUWOQK3Qb2:9MgLC+FGwdN5Bd9BsqWNP726HpCQmM2
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 3296, Process e04c28e28ec9f140c53278c33006b401.exe
- Executes dropped EXE (1 IoCs)
  pid 3296, Process e04c28e28ec9f140c53278c33006b401.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 976, Process e04c28e28ec9f140c53278c33006b401.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 976, Process e04c28e28ec9f140c53278c33006b401.exe
  pid 3296, Process e04c28e28ec9f140c53278c33006b401.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 976 wrote to memory of 3296; pid 976; Process e04c28e28ec9f140c53278c33006b401.exe; procid_target 86
  description: PID 976 wrote to memory of 3296; pid 976; Process e04c28e28ec9f140c53278c33006b401.exe; procid_target 86
  description: PID 976 wrote to memory of 3296; pid 976; Process e04c28e28ec9f140c53278c33006b401.exe; procid_target 86
Processes
1. C:\Users\Admin\AppData\Local\Temp\e04c28e28ec9f140c53278c33006b401.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\e04c28e28ec9f140c53278c33006b401.exe"
   PID: 976
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\e04c28e28ec9f140c53278c33006b401.exe
   Command line: C:\Users\Admin\AppData\Local\Temp\e04c28e28ec9f140c53278c33006b401.exe
   PID: 3296
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
Downloads
- Filesize: 82KB
- MD5: 8848a95a5c7b6afcb1cd5d0870e5ac67
- SHA1: f18d2767dbe4c8a7f2de8ce25c1976135cffc88a
- SHA256: 204993a3b1a8879f49c1b7156f3332b0a4497a42d30db377994befec776f6cb1
- SHA512: b8e7d8b0d44718b179d66f7ab0b53ce8670ef0d1a2fae0d4cf1f276301121c416bec02234988559c21e2abb3354c6d506a48e29768df176031a1cbbacc3c73c5