Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

26cbfdd760...54.exe

windows7-x64

7

26cbfdd760...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2024, 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe

  • Size

    4.9MB

  • MD5

    782b3e4dfc98025aec34111c427a7c2f

  • SHA1

    4b2dd2bde8ceb903899d6dff4f9cb4765b399b07

  • SHA256

    26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54

  • SHA512

    576b67f11a4e4754abe7cc713aa36ccbfa9ca445206e7882327fe6c84a8539939d5a52c9fdb05e9641784627dec498b2fb198216fca558b9cd87536ba8641838

  • SSDEEP

    98304:tiTy7XAiOnT0txhfb7lY9ek7qkQM3j5fVh+FKVHBfvsNhPtQzkmeq7xiTVO:tBDAiC59ek7qkQuthYKFBfytQwmZli5O

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe
    "C:\Users\Admin\AppData\Local\Temp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp" /SL5="$70122,4306939,770048,C:\Users\Admin\AppData\Local\Temp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe"
      2⤵
      • Executes dropped EXE
      PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp
    Filesize

    704KB

    MD5

    67ac0446f91e4c6787b35a5e250565da

    SHA1

    6816220128c062e54be6a8cfe37e5266d1f29b50

    SHA256

    54e2143950008a67701689aa516c1db8ab2bc80321383dcea4201690cc6dcf2a

    SHA512

    77bc2cec8a438e0065b7bf06c23d6561097d3d124f4d9469aefba6a4987d3d2a59da48eec9f259ec4ec1b5ba71cb99434cadf7199fefda2192077247028be2e7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp
    Filesize

    1.1MB

    MD5

    c43666006eca00f059d0a6fe08d97e1d

    SHA1

    24fd910bf1e2d5a6e30e652d7e72c1323a1d2bf8

    SHA256

    92767600a565d21bd6715321a3db1310f15580ab7b7b664af2376640054e0cb6

    SHA512

    4b213368ae90c64a2b3b8e60b99a4cf7098dd2e07675d59d253a56e2bf0503dbd1e9095516ffc9ad02b8340b233650f6fa23c1bb5a997102e8a3be61f07cce8d

    Download Submit

  • memory/2152-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2152-11-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2152-14-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2232-1-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2232-10-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download