Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

260e139956...02.exe

windows7-x64

7

260e139956...02.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    18s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    260e1399561c2ad320b8a3df089bfe02.exe

  • Size

    1.9MB

  • MD5

    260e1399561c2ad320b8a3df089bfe02

  • SHA1

    b3a502d0a7553736d158a8a19d51b0489f949543

  • SHA256

    a4ef869063b73c783dc03b6e40b14cfa7eacf69e179c72c00f8739c2381e682a

  • SHA512

    07b15aac0fec899baeb12cc3ae7519a06537ea346c71d58a4e8842f5ed70e88fd79942c9318dc4a1df597fcb651436a56bf1615fba6496248503ffb1b7486889

  • SSDEEP

    49152:Qoa1taC070dfA4F0GLrHClKLlCbVFl7NsTbU:Qoa1taC0B4BLTwLlB+U

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\260e1399561c2ad320b8a3df089bfe02.exe
    "C:\Users\Admin\AppData\Local\Temp\260e1399561c2ad320b8a3df089bfe02.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\A8CD.tmp
      "C:\Users\Admin\AppData\Local\Temp\A8CD.tmp" --splashC:\Users\Admin\AppData\Local\Temp\260e1399561c2ad320b8a3df089bfe02.exe 704F785906AC14CA40C049412EAE2BE2A7E064A0E27DC990D049614DD5C35EF72F2DA91B9FEE0377505D473E221D9C267C4BCA831D806A77780E18500A417939
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A8CD.tmp
    Filesize

    309KB

    MD5

    eef3aeeaf57747e042ed625dbdaede85

    SHA1

    370d7aef013c1e4733d4c7b1f25e24013a5b4d3c

    SHA256

    bf9cf837b64490ab84d2c6589e0664fa9cdb786723b41cca726e43da9b823f53

    SHA512

    c01cf7e0aea2dafba1461bdfab5f7fc937e6fe191c6417e7681b2166a6d50cb857e2c508b0e7b30d0b6741d33f59dd607c53e44cc378e30b1149887b2f9835f6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A8CD.tmp
    Filesize

    425KB

    MD5

    2a76f50862f8bfde7980779f7f84b378

    SHA1

    a4a019638965237ae5ce560f0f8f0477fe20d94f

    SHA256

    881163260146d5c8a5055d18d5b4b471e883e7abd712dcc705e609767af3e775

    SHA512

    4250e3d2654eb65edb8fa8658d65d88535efed369956aa7974ef54cef283f9afb33154f7dd59f18ec2e5595853932a9932a44d967507af639307a1b3af8d8bcc

    Download Submit

  • memory/2324-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2796-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download