Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

26eb19c118...cf.exe

windows7-x64

26eb19c118...cf.exe

windows10-2004-x64

Analysis

  • max time kernel
    18s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 03:58 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    26eb19c1184a586bb3e0798c855f2d35444550cf995a22896150fd55cf2470cf.exe

  • Size

    100KB

  • MD5

    febab24a047e2fb8aae0484ff78e8eac

  • SHA1

    b0038379bcffce15bf3470a94bc049c7ef19ca94

  • SHA256

    26eb19c1184a586bb3e0798c855f2d35444550cf995a22896150fd55cf2470cf

  • SHA512

    5f7ab73200ba9ede941d4bee805d1b1699cbd3599ebcbcf88e31130bd7f40052bc7c68c051715ebff8c285cc1ba7936b767251e50dbaa17480b49f7dbc0375d2

  • SSDEEP

    1536:h6khS0G4iVa/59LJlVQ8CRkjsCLpG/dfDqHApEPYTAx8MAPgefoAZ0Dob8qte:hg4iVi59lQ8CGBGlfOgmX8vzoA+Dobt

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26eb19c1184a586bb3e0798c855f2d35444550cf995a22896150fd55cf2470cf.exe
    "C:\Users\Admin\AppData\Local\Temp\26eb19c1184a586bb3e0798c855f2d35444550cf995a22896150fd55cf2470cf.exe"
    1⤵
    • Drops file in System32 directory
    • NTFS ADS
    • Suspicious use of AdjustPrivilegeToken
    PID:4532
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39e8055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:3376

Network

    No results found
  • 67.24.171.254:80
    260 B
     5
  • 52.182.143.210:443
    276 B
     6
  • 52.182.143.210:443
    104 B
     2
  • 67.24.171.254:80
    46 B
     1
  • 67.24.171.254:80
    46 B
     1
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4532-132-0x0000000001000000-0x000000000101A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4532-133-0x0000000001000000-0x000000000101A000-memory.dmp

    Filesize

    104KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.