Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2c1bcb3d3e...9b.exe

windows7-x64

7

2c1bcb3d3e...9b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c1bcb3d3eac5548233ea846169e289b.exe

  • Size

    1.9MB

  • MD5

    2c1bcb3d3eac5548233ea846169e289b

  • SHA1

    c122066f4b2d03f1a40223144923e22a3b489867

  • SHA256

    085f6e82f6881a83dde5dd6edfbfb3f97671fa73cd284909cdc092a1322ebd16

  • SHA512

    a017ed0481a1ed92783b0833968e5f47e6c3381d02ccb7268f1c2959dff6fbc301bdbe4afbd2b42e7b57a24d01a584377e28ff9fafc3f3d78c039ba694787713

  • SSDEEP

    49152:Qoa1taC070dOdeou65oxuRZMo2/Qyu2wezixSMnAher:Qoa1taC0LIQ9b1DxS6r

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c1bcb3d3eac5548233ea846169e289b.exe
    "C:\Users\Admin\AppData\Local\Temp\2c1bcb3d3eac5548233ea846169e289b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\BBE0.tmp
      "C:\Users\Admin\AppData\Local\Temp\BBE0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2c1bcb3d3eac5548233ea846169e289b.exe 6C099612B8F14E8D01FB692563AB10700F4728293060998446B63A2D93E1589CBE70BA9D60F33B4184125C88735E04FA7B30015653B0CD3B6896595BF4A8FDB4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BBE0.tmp
    Filesize

    92KB

    MD5

    6e1ade04ace562019dbec7c80c9e402e

    SHA1

    04916d71593e6767c16b8a3dc34fc62557dc474e

    SHA256

    2c28bfbad146c1ee725595e00c7e1230f737265ad3801a01c220d16a0d0e9f35

    SHA512

    f03d1cb741a8f4a928201ac9d15038f234a5cd71a890c7001e5b9a19503149995c7686be9e9d19ccbe5757d752bfe541a60f819382b8aa579e3564c6c140ba38

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BBE0.tmp
    Filesize

    879KB

    MD5

    1f59b2cd2d813db1721f94e6d9af6c5f

    SHA1

    46d13e70dd4998fa98f1d367100f8c7842bd2811

    SHA256

    b090213b347842f4816b84cd9043bda9d34612e5ddd2946993fac3de3775d483

    SHA512

    c41c30d52132a017cf9b8f1327b2e69f9b5dea5e9ee06ad2ea374290b55cd15323198739554b7fb4686009e02ecc0682c6e2672c3d1c6ff26e2530151dbc028f

    Download Submit

  • memory/1660-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2368-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download