Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

21bc5de333...cf.exe

windows7-x64

7

21bc5de333...cf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21bc5de333753311f32bf3aa9dc3e2cf.exe

  • Size

    1.9MB

  • MD5

    21bc5de333753311f32bf3aa9dc3e2cf

  • SHA1

    8363fbf33d0f27671f435a9ba69168c9cf6cf3f2

  • SHA256

    978cd4291590fdca4c8e4df2cd65a62a4a1cb9c9baac6101b5af6d3e8a034151

  • SHA512

    0a94c24de4c227dcbe7a99bbcf40a1ef64b0a8e96c8e902540b67b41e47127001deb58bd733af293a1240d2b2cae40b88c8e34206e7a6c26a4fc1edfc78f1393

  • SSDEEP

    49152:Qoa1taC070ddyt61FYMyQAXSTVctVQTq16pDDrCW:Qoa1taC0781HyFXSTVcny2W

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21bc5de333753311f32bf3aa9dc3e2cf.exe
    "C:\Users\Admin\AppData\Local\Temp\21bc5de333753311f32bf3aa9dc3e2cf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Users\Admin\AppData\Local\Temp\D893.tmp
      "C:\Users\Admin\AppData\Local\Temp\D893.tmp" --splashC:\Users\Admin\AppData\Local\Temp\21bc5de333753311f32bf3aa9dc3e2cf.exe 3EB3B2E63D9755E43BB2192FA11053C7CC72A1A28E95E40E7F1EE254B15BB95898DD360A7F6D1D7E79E2C1D81EECE151449406F71EDFCA5ECEA0D85D7E0A16BF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D893.tmp
    Filesize

    1.9MB

    MD5

    4b32e708226610e09402a0a3b6895016

    SHA1

    f8f77fbdf17a22377ec9943d2613593823922fd6

    SHA256

    a3fd9e4ccecade543d83d9af0d35207529444087b321dd7f02ea6e220709f350

    SHA512

    704646af1eddd0757081d84da92441794e41bb15ed0f6ba0a5b9960935b2288d693b823243417409b025bcad1dad6a29dc187a466862acacecfe675048ee884e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\D893.tmp
    Filesize

    1.7MB

    MD5

    98fb024cf2ba91662a49d0dc7a8e1ddd

    SHA1

    717328dc09790305b14f7d1b3afa0135792369a2

    SHA256

    4d83ef954eed9d8fefee0b6d308cceca99b47fdc92b23a09555ef977f3cfc89c

    SHA512

    b9caf534e0e0d2671f918e968d1bff1acec1362a62e7529be75476c1873fde23a2b15c29bb5845defd6037f3d810bde688c2c71bdaa7078b4b0340287f0189c3

    Download Submit

  • memory/2680-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2796-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download