Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

26b7b6262c...bc.exe

windows7-x64

7

26b7b6262c...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26b7b6262c21513bfe0dd4a5dc2946bc.exe

  • Size

    1.9MB

  • MD5

    26b7b6262c21513bfe0dd4a5dc2946bc

  • SHA1

    9ca4f0a8b22579a153d1313d18d18f6c63ce7b17

  • SHA256

    ec730b748134fe66cbe8955e623a1dc51eb86842b96eaa9d52beed0884e8c6b8

  • SHA512

    6607c7d713cd63043de0dd0e52f8318ebe8e245f86694a75c3fc6c71ac6272d291fd3c1886b4165f686dcc68de2d480ee8bc6c1a897b5811b73b4a5494c07965

  • SSDEEP

    49152:Qoa1taC070dymE5HhS9gE32uVacbH4NeBb:Qoa1taC08E1E32uV/D4qb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26b7b6262c21513bfe0dd4a5dc2946bc.exe
    "C:\Users\Admin\AppData\Local\Temp\26b7b6262c21513bfe0dd4a5dc2946bc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Users\Admin\AppData\Local\Temp\DD54.tmp
      "C:\Users\Admin\AppData\Local\Temp\DD54.tmp" --splashC:\Users\Admin\AppData\Local\Temp\26b7b6262c21513bfe0dd4a5dc2946bc.exe 698CF094386BB1933E15F801AF95848F0FB40473F580FE8A7D2533BB2D8B3C1176A460D7127AFE6DBD4F5B10E765A9F0C336ABCC68C9D5F841509B4548F2B922
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DD54.tmp
    Filesize

    891KB

    MD5

    a4b13518ac1050573400dfb2a99c3804

    SHA1

    9ab4c5866b51b6b3531cb382047eca3799503780

    SHA256

    404cfdc596b781748e85faf233b2153cc758ef018f9e8c1cbe62c45378adbbce

    SHA512

    75e930eea1046b05092f9739500dd6bbf190b6ae8c81f1f301e9060294832f9c6a5bae82656f3d552d7f1f986cb65d9c889147cde85d2451229d0ec38079c78d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\DD54.tmp
    Filesize

    864KB

    MD5

    a9691a1cb5676a64493a81de203dcdb8

    SHA1

    e59c7a73f32d25635254aa05f225341943c4e80c

    SHA256

    4c2d39dad4819c5e11da4fcb8ae7a2ac59832753e2c7c6190f5c5695e2a8c509

    SHA512

    5a049b3fa66a90421be5c149e521a49d0ee7df90be5fe3da9769d1aaf932d9af7d606d410aa4bb1c5eb758c1cef7afa2ee10dedf1c9840b4d98511b47f01757e

    Download Submit

  • memory/2404-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download