Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

26bdbdbee4...b3.exe

windows7-x64

7

26bdbdbee4...b3.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    188s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26bdbdbee492463978b4d482d36e9ab3.exe

  • Size

    412KB

  • MD5

    26bdbdbee492463978b4d482d36e9ab3

  • SHA1

    c32284365040b44c6bee2379ab6fbb7a61e47846

  • SHA256

    113831c843267ceb45f7fb0ae82b249e8d84ce2d9f6b1ea00aa7bf4eb7a2ea2d

  • SHA512

    e11c3d8c149b69ad5b531508c070a43dd1fee8d670f8dd376425552586265025cc97561dc85d73b97e35735dffcd22fae417f8d21fa2ddb41293ccd17e75c95d

  • SSDEEP

    12288:gutrzh9xOXklb5UeIVWWqRYnHA7PpOgztjNuq:gutr5OUlbI0FR+A7PUXq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26bdbdbee492463978b4d482d36e9ab3.exe
    "C:\Users\Admin\AppData\Local\Temp\26bdbdbee492463978b4d482d36e9ab3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Users\Admin\AppData\Local\Temp\iplug.exe
      "C:\Users\Admin\AppData\Local\Temp\iplug.exe"
      2⤵
      • Executes dropped EXE
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\iplug.exe
    Filesize

    872KB

    MD5

    2aa0002b508ad754f9b4fc2cf304f9b7

    SHA1

    10cae9a9bfca92852193b59993f6eae35c3bc87d

    SHA256

    18e87ff8e3c7ee52f85d9588e7852361b5239280e99cb73d0918500b87ed92af

    SHA512

    2264c0ee5aa29eefaea29e46e739ccf69db2ddf39fc07e2135523a30a4cab48fce857a1cd3b775983c33364ed96b4bc8d88141fd355e6fe3148ca4b2e1c96328

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\iplug.exe
    Filesize

    639KB

    MD5

    0dd4d79895e8c88ea14e49cc5bf894b0

    SHA1

    84019e486b502f84b75d851996959d037c9d6ce6

    SHA256

    ae0ba4178d193bd10c940b84bb8f221610a8351f33d9eb68aa31d48ece7add62

    SHA512

    6adef3f2371b55eab92a5ad6b99744c2276fea018474ac7f54d9ffbf545be434ea08d40f86ab585d557975cd3115af8b65c49103c72b62952bf5d6ec893edb72

    Download Submit

  • \Users\Admin\AppData\Local\Temp\iplug.exe
    Filesize

    163KB

    MD5

    798c232628de46719395b6cc5a4b0bb9

    SHA1

    931cd13409c43c73296e77c30a278b9cffacf2a0

    SHA256

    9b8f1a37716631d7c327bea60eceff770d7e080b8732950b75a6a1ea48a6afd2

    SHA512

    0cecec2c32a44975508a07a42da629c10192e4649c60a717ab192dffa467aa286041b3e23f4aa16e31dd466f08b279a5206c6eae1887d389bc9160d4f1e0037e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\iplug.exe
    Filesize

    763KB

    MD5

    c3fe8eb24ff49ae5195f7445bdb6a2e8

    SHA1

    5fbc2b1df99756e2b556277090f5aa05db88d95e

    SHA256

    34f58489ff293fb90ede44065a33149525033edb750acc3997389cada149593a

    SHA512

    2fceb1429de5fbf4296a228724940c0c782d3a05830df450423fb125151347fffd3551df0fb65bc6ce746454a3cdd8c52fb355741c7972f4469b32fbd8d3f138

    Download Submit

  • memory/3060-10-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-11-0x0000000000380000-0x00000000006F8000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/3060-13-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download