Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Limepadbgg...e2.exe

windows7-x64

7

Limepadbgg...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2023, 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Limepadbgghhcjbed3_browsingExe2.exe

  • Size

    43.0MB

  • MD5

    0ed6451ffe34217e44355706f4900ecc

  • SHA1

    7bbd668c65212e018dca1635b3700a1b7c8c3a59

  • SHA256

    ce6e4adea3e6c4000f703a612f46c6c8032fa883f132905028338aef00c9d71b

  • SHA512

    dd10bbe4e5d73ebd2738bb50558efa745720a81a0bf8d56309881e9ee4f357733819b36b8ac1435c0b2203dd86375e4e81403f3da058700a799b3b678977ea67

  • SSDEEP

    786432:EAWtNoDcVfj+iSitCAHCXMlfODMTHdSqp3qVjEHoO95zdCkdevRxNxoNQE0:Ep3oDcVL+iSsCAHiMhoMTHsqpaI5D9dC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Limepadbgghhcjbed3_browsingExe2.exe
    "C:\Users\Admin\AppData\Local\Temp\Limepadbgghhcjbed3_browsingExe2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Users\Admin\AppData\Local\Temp\Limepadbgghhcjbed3_browsingExe2.exe
      "C:\Users\Admin\AppData\Local\Temp\Limepadbgghhcjbed3_browsingExe2.exe"
      2⤵
      • Loads dropped DLL
      PID:260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\PyWinTypes27.dll
    Filesize

    107KB

    MD5

    3c68f9ea662189be307dd8bc8842a1f5

    SHA1

    79d38e9d9a9c229a8e722d13565a15d2c9d3fb64

    SHA256

    8bc68cf188e89156493a41370adec25e9216e90e0f53dc4abf6980fe0612e996

    SHA512

    572e3dbab23c5273078d1d934bc3f0ffa29caa9fda955e5c9a4c6013dc2ca9d89a5abdcd3158f0e01fadc13c8da604178bdd726d355b5ad4b1067330deeec078

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\_socket.pyd
    Filesize

    46KB

    MD5

    c09b45502b40e17ea85da99b45c97bb9

    SHA1

    0578ad2993c827502f47f78184cb640a3029a368

    SHA256

    67b9dc047566250da1905751c96208bc78b2d558446e4e447ed32dbfdd399c13

    SHA512

    3c66d3f8ab7aa2930b3ba78f06711d107c9016d202a67de8d2d3806bab536549dd82f83c0331b44ff9ac5231273876515e0034bdbde7436853d17c16903150a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\_socket.pyd
    Filesize

    46KB

    MD5

    c09b45502b40e17ea85da99b45c97bb9

    SHA1

    0578ad2993c827502f47f78184cb640a3029a368

    SHA256

    67b9dc047566250da1905751c96208bc78b2d558446e4e447ed32dbfdd399c13

    SHA512

    3c66d3f8ab7aa2930b3ba78f06711d107c9016d202a67de8d2d3806bab536549dd82f83c0331b44ff9ac5231273876515e0034bdbde7436853d17c16903150a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\_ssl.pyd
    Filesize

    1.3MB

    MD5

    f12a4d8a3bb4d4c589cebc25373ca1ff

    SHA1

    3e018b0b54bec184c182de381a02aaadece97a39

    SHA256

    01a11ad86603f47ee4b5aac18d6534d43865a16978aa245ebbc29ba68d701078

    SHA512

    6928c03b242a658bd61e443b39ac5f98e6ca590f29be30ec6c9f3505aae3da98307b01c38ac6f294e7ea59765c6302f9c27bbe05a13a167aa90559487cb865ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\_ssl.pyd
    Filesize

    1.3MB

    MD5

    f12a4d8a3bb4d4c589cebc25373ca1ff

    SHA1

    3e018b0b54bec184c182de381a02aaadece97a39

    SHA256

    01a11ad86603f47ee4b5aac18d6534d43865a16978aa245ebbc29ba68d701078

    SHA512

    6928c03b242a658bd61e443b39ac5f98e6ca590f29be30ec6c9f3505aae3da98307b01c38ac6f294e7ea59765c6302f9c27bbe05a13a167aa90559487cb865ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\python27.dll
    Filesize

    2.5MB

    MD5

    797f4566d81c04ed5f21637d2d64197f

    SHA1

    63b3fc75231fafbd40a973a37812f1771ed4b5bf

    SHA256

    441caf8a1aed00caf6e9b28fec67a25c0af16fc1150c3caf848148397cc48e0e

    SHA512

    93f2370d600f35dafaadea426c65479e05246204513c28839903206ba3fa7b2c847a427a76ed3e522d5a27f251b5926d2f23506073fe182cac8546dab4d13e28

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\python27.dll
    Filesize

    2.5MB

    MD5

    797f4566d81c04ed5f21637d2d64197f

    SHA1

    63b3fc75231fafbd40a973a37812f1771ed4b5bf

    SHA256

    441caf8a1aed00caf6e9b28fec67a25c0af16fc1150c3caf848148397cc48e0e

    SHA512

    93f2370d600f35dafaadea426c65479e05246204513c28839903206ba3fa7b2c847a427a76ed3e522d5a27f251b5926d2f23506073fe182cac8546dab4d13e28

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\pythoncom27.dll
    Filesize

    388KB

    MD5

    b4497a1fcad0b37784d856746b056303

    SHA1

    695dbec335ba524f6b45696f0879b9772c3027db

    SHA256

    6b20498b518240cad985d8a0c8b09e65d556214e27757dbc042346ac4dae3cb1

    SHA512

    94c9baf0c79d3dcbb7d8068c44573dec2b5b63c3c4a51fe1c7b69cb4a1cb8bf7e65992cf5aef53cd7a1857099351acb5c96eb8cb42d40e60f31d3693ffa979f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\pythoncom27.dll
    Filesize

    388KB

    MD5

    b4497a1fcad0b37784d856746b056303

    SHA1

    695dbec335ba524f6b45696f0879b9772c3027db

    SHA256

    6b20498b518240cad985d8a0c8b09e65d556214e27757dbc042346ac4dae3cb1

    SHA512

    94c9baf0c79d3dcbb7d8068c44573dec2b5b63c3c4a51fe1c7b69cb4a1cb8bf7e65992cf5aef53cd7a1857099351acb5c96eb8cb42d40e60f31d3693ffa979f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\pywintypes27.dll
    Filesize

    107KB

    MD5

    3c68f9ea662189be307dd8bc8842a1f5

    SHA1

    79d38e9d9a9c229a8e722d13565a15d2c9d3fb64

    SHA256

    8bc68cf188e89156493a41370adec25e9216e90e0f53dc4abf6980fe0612e996

    SHA512

    572e3dbab23c5273078d1d934bc3f0ffa29caa9fda955e5c9a4c6013dc2ca9d89a5abdcd3158f0e01fadc13c8da604178bdd726d355b5ad4b1067330deeec078

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\support\gen_py\dicts.dat
    Filesize

    10B

    MD5

    f51138fd324f1012a838130c2edf5704

    SHA1

    2b871cbe2d95bddd3870c6911766cb95270ce18e

    SHA256

    f81481c4ddd1561601c612b644b63b6220c0664934fbe46155487a1786ede987

    SHA512

    59aac7b50254147c76111c686caa434fb0cf0538dc928125e7de827902c682396d86e5ed3546a8f3e070a674ba398f483aa06c92c5de66665b3a45b4f3fc5fb3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\win32api.pyd
    Filesize

    98KB

    MD5

    02b5f88ae396fb0b69a975bbc464b7fe

    SHA1

    374bcc044c21762d244e7376185893610d2970fd

    SHA256

    545b5d66d14cf86d1da83a5e80642d143cad4db96ba6d37f740e0e22ac3358c6

    SHA512

    8a0bde131e4cd304ef4b8a03b07b63646c1acf9cb2f7f3e1e7510db4305510c61b9ef8ddcd426c55ccb6828ab14313b4d643e5e31bdc943cc0cf00625c66d063

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI7602\win32api.pyd
    Filesize

    98KB

    MD5

    02b5f88ae396fb0b69a975bbc464b7fe

    SHA1

    374bcc044c21762d244e7376185893610d2970fd

    SHA256

    545b5d66d14cf86d1da83a5e80642d143cad4db96ba6d37f740e0e22ac3358c6

    SHA512

    8a0bde131e4cd304ef4b8a03b07b63646c1acf9cb2f7f3e1e7510db4305510c61b9ef8ddcd426c55ccb6828ab14313b4d643e5e31bdc943cc0cf00625c66d063

    Download Submit