Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

21bc5de333...cf.exe

windows7-x64

7

21bc5de333...cf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    166s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21bc5de333753311f32bf3aa9dc3e2cf.exe

  • Size

    1.9MB

  • MD5

    21bc5de333753311f32bf3aa9dc3e2cf

  • SHA1

    8363fbf33d0f27671f435a9ba69168c9cf6cf3f2

  • SHA256

    978cd4291590fdca4c8e4df2cd65a62a4a1cb9c9baac6101b5af6d3e8a034151

  • SHA512

    0a94c24de4c227dcbe7a99bbcf40a1ef64b0a8e96c8e902540b67b41e47127001deb58bd733af293a1240d2b2cae40b88c8e34206e7a6c26a4fc1edfc78f1393

  • SSDEEP

    49152:Qoa1taC070ddyt61FYMyQAXSTVctVQTq16pDDrCW:Qoa1taC0781HyFXSTVcny2W

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21bc5de333753311f32bf3aa9dc3e2cf.exe
    "C:\Users\Admin\AppData\Local\Temp\21bc5de333753311f32bf3aa9dc3e2cf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Users\Admin\AppData\Local\Temp\C196.tmp
      "C:\Users\Admin\AppData\Local\Temp\C196.tmp" --splashC:\Users\Admin\AppData\Local\Temp\21bc5de333753311f32bf3aa9dc3e2cf.exe 8AE52487A709D30B09314601F17204123054503233E45A252B021A1AC7537E2AB4B17415A20C767168176218A318403604B7C1327C9D5932D42EBDEBA57F38C3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C196.tmp
    Filesize

    1.9MB

    MD5

    eb04d733829e9df7ceb5f4eb65a49934

    SHA1

    a082e2317452c3f8239c2c08cafa8a1ebd5d8952

    SHA256

    ec2170c1102b2e1dad9daa63f8e1bd0a4c79bea0c478f69c257fb6d593a993b9

    SHA512

    8fb61540ddbff3666de34435a6d047ea6f761b147adf997f168ca88ded6b5c2685029f79d0130e64f6e88b8f03bf957c2fb4ebf5dd6dbe5bb7fa8366d0a4f883

    Download Submit

  • memory/1188-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4632-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download