Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

59b127707d...92.exe

windows7-x64

6

59b127707d...92.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59b127707ded68335146d3eba6423386b7fef49930849c13e4e3b934544bdf92.exe

  • Size

    29KB

  • MD5

    8e6419646867f4a823210022628b4401

  • SHA1

    dc682a54ee5543f9818ea35bf45f3b3b04030a1d

  • SHA256

    59b127707ded68335146d3eba6423386b7fef49930849c13e4e3b934544bdf92

  • SHA512

    89251b885ca82d5655a6ecd10f69842455f710f632d224e2697e331e1b6ee40114302d59a10009cbbd1ca8a3453a9b78799e0a6f29604fa87834d34f9a7634b0

  • SSDEEP

    384:NbbJQ1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:p+16GVRu1yK9fMnJG2V9dHS8

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2572
      • C:\Users\Admin\AppData\Local\Temp\59b127707ded68335146d3eba6423386b7fef49930849c13e4e3b934544bdf92.exe
        "C:\Users\Admin\AppData\Local\Temp\59b127707ded68335146d3eba6423386b7fef49930849c13e4e3b934544bdf92.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4936
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3332
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1960

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        edef37b96b99776bba846c5852e3abe7

        SHA1

        68efb7cc149f2686e24e21cc35d7746bd0162a07

        SHA256

        de7d83856bdd3c4f32e73da5c3344db410ef0a4a89ffc971c80389a5a98afc1d

        SHA512

        871b501b218c25e67981640d3d2db976682b57c90a021cde27ca23f65a5434a1b6f678664874b5368e13cd76cf226e374bab2be46ebc0db146d49c3b95b167d9

        Download Submit

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        Filesize

        2.8MB

        MD5

        d6061cb846a4d07ba165444ffffbcc0f

        SHA1

        09af2e7810e0e96d36d06ad64be4d85e5bd12da5

        SHA256

        3e113e1c117b56e3af0f4a2b57ec02c2541400e0cc67755c9d63aaaa7abb5924

        SHA512

        13eb419d95383c9356a7d73a9bd3ed2712b9a8dda41aa49bdf89c9f280e3a6ab9960174ba445d2b501fd36c7e9b8b0fb5c1cefb66dc78b8a235b7d7294da11a5

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1043950675-1972537973-2972532878-1000\_desktop.ini
        Filesize

        9B

        MD5

        2326d479b287193a70f520700dc8d23e

        SHA1

        afea66d3788a50debd6f5d4c9dd51f68a4477e64

        SHA256

        95d41561a1467d20977f59108e85da181e0b4dfd3db9e40182ae7378c4a927f8

        SHA512

        cb971c406ddf7147536a6a1569d4ff49d7219aa52cde5d110be1109874d66daace832d423d7969af9e6bbc9738a65734c7e68e994591b7677aad51fa0f52cf37

        Download Submit

      • memory/4936-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-23-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-13-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-120-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-1264-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-5-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-4440-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4936-4806-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download