Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

26f73c2640...95.exe

windows7-x64

7

26f73c2640...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    194s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26f73c2640d87829dd50dc2bcf0b8895.exe

  • Size

    1.9MB

  • MD5

    26f73c2640d87829dd50dc2bcf0b8895

  • SHA1

    102171d517164e36cd76e5b2cedfdac109b1f48b

  • SHA256

    864312702677789cd96d93dc9d1cd3a558d9f2c08e9b55030a8cfe987c1050f4

  • SHA512

    14ada5ba81fd9b371a5ddfb2951fecd0be7da85a62e35b79b7ca0f8414ad999ee933ef9faeb0285eb5c962e327952bc92681ece2c24144ae0fa532df99e4da5e

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dEfuPTPQ58oMRuuZli5/KhlTrf9W61F6+L0Hc:Qoa1taC070d1myR+pK71//pPVRkotp9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26f73c2640d87829dd50dc2bcf0b8895.exe
    "C:\Users\Admin\AppData\Local\Temp\26f73c2640d87829dd50dc2bcf0b8895.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Users\Admin\AppData\Local\Temp\FD18.tmp
      "C:\Users\Admin\AppData\Local\Temp\FD18.tmp" --splashC:\Users\Admin\AppData\Local\Temp\26f73c2640d87829dd50dc2bcf0b8895.exe 8ABA8DE7B785BFFEAAFD181FACC5F7EA355AFF857093C0E25B21E8B22055BDBB0ED5E8BC62C9F1B3EE9B5F678EF53F3BF5D8A9005AAF74C071B9C3BEA329CE9F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\FD18.tmp
    Filesize

    306KB

    MD5

    b90ae19261a1ea78801fc97dbe72ff96

    SHA1

    c4d562c06ad8aafa35b23acdae62612dc35193ab

    SHA256

    fd4ca6ccf3bc4e77a174d64d2555a00db1a1b578a876b5f29dad626767abd7fb

    SHA512

    e3a24162a36e142881ee035d506600c09d46560bbd19c018e393a69aedf3c75103a4a38780f0c168823451368144ea1d55fddbe8850af9b3ec8f58931fc8d35a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FD18.tmp
    Filesize

    272KB

    MD5

    4e0befc1d9261e02b00fd894e3329860

    SHA1

    34b1eda3248d5d6f41db2b2aff5527ba1ab039ae

    SHA256

    443e1ebcab070e2050107f195a4d8a544df86486f60f9644818b8a63433b32c3

    SHA512

    0ac306ef1b2c53d0e483ef39aed4c6c83b034cd7b51191aeec42add276a453e2a664cc2bb5621deb63cfc272651525df1cdc9ae72994c6f71f1b4ff4539e3338

    Download Submit

  • memory/4932-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5024-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download