Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

2d3ba7dd14...bd.exe

windows11-21h2-x64

10

2d3ba7dd14...bd.exe

windows7-x64

10

2d3ba7dd14...bd.exe

windows10-1703-x64

10

2d3ba7dd14...bd.exe

windows10-2004-x64

10

2d3ba7dd14...bd.exe

windows11-21h2-x64

10

Resubmissions

15/04/2024, 11:31 UTC

240415-nmzycsff4y 10

10/04/2024, 04:57 UTC

240410-fljwradc86 10

10/04/2024, 04:57 UTC

240410-flcsfadc82 10

10/04/2024, 04:57 UTC

240410-flb6xadc78 10

10/04/2024, 04:57 UTC

240410-flbkdadc77 10

19/12/2023, 13:06 UTC

231219-qcfg3sadbq 10

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/04/2024, 11:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d3ba7dd14b9a579b2626fa5baee19bd.exe

  • Size

    209KB

  • MD5

    2d3ba7dd14b9a579b2626fa5baee19bd

  • SHA1

    dd365103583cfb3c10b73efc6592f8b80c1d75e0

  • SHA256

    42a191ee4f9593db8f514cce85ad8b9d6533bc71983a9529e7a5d68764d21679

  • SHA512

    29efd1035df73572efea0d96017772481b9858855c12d1bb96fc6a4ccd49443a4bb0d1bd86c69dda4218f04e8855ec37c4515157b75a240a530792232c4f03c0

  • SSDEEP

    6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UY:cnLh9yn52rpUR5vHuRYpM+Y

Score
10/10
systembctrojanupx

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3ba7dd14b9a579b2626fa5baee19bd.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3ba7dd14b9a579b2626fa5baee19bd.exe"
    1⤵
      PID:1536
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 196
        2⤵
        • Program crash
        PID:1016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1536 -ip 1536
      1⤵
        PID:5048

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1536-1-0x0000000004730000-0x0000000004830000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1536-2-0x00000000046F0000-0x00000000046F9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/1536-3-0x0000000000400000-0x00000000045F0000-memory.dmp

        Filesize

        65.9MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.