Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bc4156ed6a...0d.exe

windows7-x64

7

bc4156ed6a...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/09/2024, 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc4156ed6a3c7abf320866976da3f6229d3f30d3d59695e24b522c51b856a90d.exe

  • Size

    1.6MB

  • MD5

    6859839bca334b519de5bf66776171cb

  • SHA1

    2d1428485997bb5e9f89735fe57ba8e83bde1df8

  • SHA256

    bc4156ed6a3c7abf320866976da3f6229d3f30d3d59695e24b522c51b856a90d

  • SHA512

    0a0c94371dc237dc2ff025ff72e91dd5e48aa440c5936c4798ed99c0dbcce08f784a71661c269bdffdc898fd89e25866be47a66e91c213ba5b743292aa865e3c

  • SSDEEP

    24576:x1wQ2xJz6Mn2qMeqm3m+mBa+EGgwZc5W7qTBNiT8L+X+phmgJ7i:Lw1Jz6efR3m+MEGgSCBNiT86XKhmI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc4156ed6a3c7abf320866976da3f6229d3f30d3d59695e24b522c51b856a90d.exe
    "C:\Users\Admin\AppData\Local\Temp\bc4156ed6a3c7abf320866976da3f6229d3f30d3d59695e24b522c51b856a90d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3088
  • C:\Windows\system32\cmd.exe
    cmd /c copy C:\Windows\temp\240653734 C:\obs-browser-page.exe
    1⤵
      PID:3016
    • C:\obs-browser-page.exe
      C:\obs-browser-page.exe
      1⤵
      • Executes dropped EXE
      PID:2872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\temp\240653734
      Filesize

      514KB

      MD5

      c89b9fb97d02ac079a45725b3dfb54d4

      SHA1

      773d823a3304dad9a9e39e2227fba116370f4af7

      SHA256

      ec605cc14c60e30682e84ec87d19034f7bd1399025ca11fbf3c4adeed85fadf0

      SHA512

      495381374990c8613f4d97efb30f561e4b4d3a54794e93ea373695df70556e70ac7883f77dc2c7cee2a681d71f07a90b092e1394bc15f8329eda9923bb5dfb5e

      Download Submit

    • memory/3088-0-0x00000239BDC90000-0x00000239BDC91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3088-1-0x0000000180000000-0x0000000180036000-memory.dmp

      Filesize

      216KB

      Download