Analysis
-
max time kernel: 150s
-
max time network: 152s
-
platform: windows10-2004_x64
-
resource: win10v2004-20240226-en
-
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
-
submitted: 27/03/2024, 12:54
Behavioral task: behavioral1
Sample: e1b766ed00de414ba2529222c5215208.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: e1b766ed00de414ba2529222c5215208.exe
Resource: win10v2004-20240226-en
General
-
Target: e1b766ed00de414ba2529222c5215208.exe
-
Size: 5.3MB
-
MD5: e1b766ed00de414ba2529222c5215208
-
SHA1: 6e9f800788cdd96e684badd6edcd7405c646afaf
-
SHA256: 82e0c069c5cecf4c467fe546dc0f0afa8f7dad258afada96b9e64d1ebeb5b8df
-
SHA512: fb9392a7ac5fb2418fff3bdb11777cf099c13e5c3aca3d6279a53e6cee3042f8cbcd677c2503a07101265f8bea82de72c1646707f071cde18dff9b1969131c66
-
SSDEEP: 98304:WTSZST0xllEjwDTP0r2hUedIod96yQllEjwDTP0r2hUe:qSZSgaUiLeyaUiLe
Malware Config
Signatures
-
Deletes itself (1 IoCs)
pid / Process: 4664 e1b766ed00de414ba2529222c5215208.exe
-
Executes dropped EXE (1 IoCs)
pid / Process: 4664 e1b766ed00de414ba2529222c5215208.exe
-
resource / yara_rule:
behavioral2/memory/4584-0-0x0000000000400000-0x000000000086A000-memory.dmp / upx
behavioral2/files/0x000300000001e9a0-12.dat / upx
behavioral2/memory/4664-14-0x0000000000400000-0x000000000086A000-memory.dmp / upx
-
Suspicious behavior: RenamesItself (1 IoCs)
pid / Process: 4584 e1b766ed00de414ba2529222c5215208.exe
-
Suspicious use of UnmapMainImage (2 IoCs)
pid / Process: 4584 e1b766ed00de414ba2529222c5215208.exe; 4664 e1b766ed00de414ba2529222c5215208.exe
-
Suspicious use of WriteProcessMemory (3 IoCs)
description / pid / Process / procid_target:
PID 4584 wrote to memory of 4664 / 4584 / e1b766ed00de414ba2529222c5215208.exe / 89
PID 4584 wrote to memory of 4664 / 4584 / e1b766ed00de414ba2529222c5215208.exe / 89
PID 4584 wrote to memory of 4664 / 4584 / e1b766ed00de414ba2529222c5215208.exe / 89
Processes
-
Level 1 process:
Image: C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4584
-
Level 2 process (child of PID 4584):
Image: C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe
Command line: C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:4664
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 5.3MB
MD5: 5490eeaf134b4bba299ea8df836ce669
SHA1: b107f3e2bb25795a86f8c49e17719c47b5dc030e
SHA256: db69a9bd9f4b4028fd01eb544f8ac3a5ebd56f26754572c01638eac9f7399fde
SHA512: 1f02b60a749d4ade30d017b9977d4a35e77a7035f317da5309e5d2746c29380b3a98daf75ea0065f5023bdeeaac3e4b04e8c43e1ccb04455fee62a146ca0cc11