Analysis
max time kernel: 142s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25/03/2024, 14:01

Static task: static1

Behavioral task: behavioral1
  Sample: 26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe
  Resource: win10v2004-20240226-en
General
Target: 26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe
Size: 4.9MB
MD5: 782b3e4dfc98025aec34111c427a7c2f
SHA1: 4b2dd2bde8ceb903899d6dff4f9cb4765b399b07
SHA256: 26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54
SHA512: 576b67f11a4e4754abe7cc713aa36ccbfa9ca445206e7882327fe6c84a8539939d5a52c9fdb05e9641784627dec498b2fb198216fca558b9cd87536ba8641838
SSDEEP: 98304:tiTy7XAiOnT0txhfb7lY9ek7qkQM3j5fVh+FKVHBfvsNhPtQzkmeq7xiTVO:tBDAiC59ek7qkQuthYKFBfytQwmZli5O
Malware Config

Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  2152  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp

Loads dropped DLL (1 IoC)
  pid   Process
  2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
  PID 2232 wrote to memory of 2152   2232  26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe     28
Processes

1. C:\Users\Admin\AppData\Local\Temp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2232

   2. C:\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp" /SL5="$70122,4306939,770048,C:\Users\Admin\AppData\Local\Temp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.exe"
      - Executes dropped EXE
      PID: 2152
Network
MITRE ATT&CK Matrix
Downloads

C:\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp
  Filesize: 704KB
  MD5: 67ac0446f91e4c6787b35a5e250565da
  SHA1: 6816220128c062e54be6a8cfe37e5266d1f29b50
  SHA256: 54e2143950008a67701689aa516c1db8ab2bc80321383dcea4201690cc6dcf2a
  SHA512: 77bc2cec8a438e0065b7bf06c23d6561097d3d124f4d9469aefba6a4987d3d2a59da48eec9f259ec4ec1b5ba71cb99434cadf7199fefda2192077247028be2e7

\Users\Admin\AppData\Local\Temp\is-5QR61.tmp\26cbfdd7603f862f20eba1c1c30e2cd29f29740274575bf70342e92f61c87f54.tmp
  Filesize: 1.1MB
  MD5: c43666006eca00f059d0a6fe08d97e1d
  SHA1: 24fd910bf1e2d5a6e30e652d7e72c1323a1d2bf8
  SHA256: 92767600a565d21bd6715321a3db1310f15580ab7b7b664af2376640054e0cb6
  SHA512: 4b213368ae90c64a2b3b8e60b99a4cf7098dd2e07675d59d253a56e2bf0503dbd1e9095516ffc9ad02b8340b233650f6fa23c1bb5a997102e8a3be61f07cce8d