Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

26b7b6262c...bc.exe

windows7-x64

7

26b7b6262c...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26b7b6262c21513bfe0dd4a5dc2946bc.exe

  • Size

    1.9MB

  • MD5

    26b7b6262c21513bfe0dd4a5dc2946bc

  • SHA1

    9ca4f0a8b22579a153d1313d18d18f6c63ce7b17

  • SHA256

    ec730b748134fe66cbe8955e623a1dc51eb86842b96eaa9d52beed0884e8c6b8

  • SHA512

    6607c7d713cd63043de0dd0e52f8318ebe8e245f86694a75c3fc6c71ac6272d291fd3c1886b4165f686dcc68de2d480ee8bc6c1a897b5811b73b4a5494c07965

  • SSDEEP

    49152:Qoa1taC070dymE5HhS9gE32uVacbH4NeBb:Qoa1taC08E1E32uV/D4qb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26b7b6262c21513bfe0dd4a5dc2946bc.exe
    "C:\Users\Admin\AppData\Local\Temp\26b7b6262c21513bfe0dd4a5dc2946bc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Users\Admin\AppData\Local\Temp\929B.tmp
      "C:\Users\Admin\AppData\Local\Temp\929B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\26b7b6262c21513bfe0dd4a5dc2946bc.exe 91E6F0FD8234E750B730804E116BA977317CACB3FBC7FCFA12F2931A629E4A5A7D299E24F793BF4A2D9BD1A3F8EF801882AF78EA62EF7DADEBFEBBD28DE10BF5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\929B.tmp
    Filesize

    120KB

    MD5

    9b10e8dcf979f3228f232691f5b5cfcc

    SHA1

    526e4dd4de31bc2c8b59cd6520a0ec63425fa743

    SHA256

    5fec2b511c063df5037fea3ac31e68fe6a0304e98b458f2bdef74e07bdb2f956

    SHA512

    18049845afc27b52a356a30df641d124903a13badced4f0068bcce9f9f41e95110409a7f5f51cf185d06db1de1c7d27aa163a2a9e5fd2847c535fd2e08476daa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\929B.tmp
    Filesize

    56KB

    MD5

    015bc0d01625fcb97e9e8b01ab8c745b

    SHA1

    cfe643bac7842874d8e8c9ed8517913c4a646df0

    SHA256

    d927b13560421213a145957c9b726023127cfda2d2e26e6624e86510bb331a81

    SHA512

    f1adfb7d462536053f936b3e6975a4985a2d5209d3a9ee8ed0b0c4d274b4d1cde71a1223f99c28e5a372c67254e0a73bd9ade295534d40540b5e86ee55c6c94c

    Download Submit

  • memory/3928-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4928-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download