Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

26cac671e2...23.dll

windows7-x64

10

26cac671e2...23.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23.dll

  • Size

    342KB

  • MD5

    ff28c8c7a68cca3b06e78e5397d66721

  • SHA1

    bbb8eef4bbc0a8296963039682cbc4e3be3364f8

  • SHA256

    26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23

  • SHA512

    5d0fdb3858abccf2b54e642e17cc1f504cd70d2028cceede82cf55399671e550850dd5bfaf91fc794fa441a7d6a6e63ec0d51e68122cb6f3e221e16f81451bee

  • SSDEEP

    6144:r7bqnqgeK6XkQA+wGVSZRujeFUwdaZ5weTqKKv6:rnqqgeK6xp3gZMjeBTKAv6

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 5 IoCs
  • Blocklisted process makes network request 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:3096
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23.dll,#1 {D2FD3686-378E-4BAB-B310-6D581BBEFE2F}
    1⤵
      PID:1564

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1564-1-0x00000235F4450000-0x00000235F461E000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1564-2-0x00000235F4450000-0x00000235F461E000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3096-0-0x0000017E39C80000-0x0000017E39E4E000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3096-3-0x0000017E39C80000-0x0000017E39E4E000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3096-4-0x0000017E39C80000-0x0000017E39E4E000-memory.dmp

      Filesize

      1.8MB

      Download