Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

182f83b9d9...ee.exe

windows7-x64

7

182f83b9d9...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 17:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe

  • Size

    50KB

  • MD5

    04b91c8721fd1d2ae1d20328d0787628

  • SHA1

    a29a19c768ed04890c3394b179b063e0c8193e1e

  • SHA256

    182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee

  • SHA512

    7cf1872a0c5b17de367ab37fe4be0523f69492ac7616639d492a0e84fc925a00ed153d5d1f12428cde9d7bc57ad7864a18c42568271a6eb8a545a71487e25bb7

  • SSDEEP

    768:1Hcp1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLjdzbXjQLiaeB949rwXkAwQ6Ufn:YfgLdQAQfcfymN/ZXkWS9rwXkjUfn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe
        "C:\Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1768
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a470E.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1280
          • C:\Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe
            "C:\Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe"
            4⤵
            • Executes dropped EXE
            PID:2532
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2320
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1152
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2784

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\$$a470E.bat
        Filesize

        722B

        MD5

        a3462a9812db1f60bc3eb3c2271e3c58

        SHA1

        bfca9d49db3e4d9f8012b3430d4ebcfc0871fb35

        SHA256

        cea07236ff5f010022f811bdfb17185ec00e08ca1f3338d319d7691f7676ef8d

        SHA512

        62af2a036cb5a2faee2ff1c920a3442d3edec6ca4d2060f1df8d5a7677ebee08584b655a25fc188f971167c34dc03b1b3b4ec10928731cf766fe45ca6346876e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a470E.bat
        Filesize

        722B

        MD5

        a3462a9812db1f60bc3eb3c2271e3c58

        SHA1

        bfca9d49db3e4d9f8012b3430d4ebcfc0871fb35

        SHA256

        cea07236ff5f010022f811bdfb17185ec00e08ca1f3338d319d7691f7676ef8d

        SHA512

        62af2a036cb5a2faee2ff1c920a3442d3edec6ca4d2060f1df8d5a7677ebee08584b655a25fc188f971167c34dc03b1b3b4ec10928731cf766fe45ca6346876e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe
        Filesize

        23KB

        MD5

        a5c496552546b7e79d6228a3a419bf5d

        SHA1

        b29303a2d03d483baa2d5735df359c00aa9aed60

        SHA256

        2d0b45fa608dd8336722d85be930bb0d271fc407230a6f5082fdb3b058f67119

        SHA512

        c5d4973387ef18bfaaaf9ccf47fd0cbc485940fb77c59a4212bcf33c5cfc6b969d13bd34c3b7f5199925a7e40b19b4a3ae19cff5559c057fa106414c83775713

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe.exe
        Filesize

        23KB

        MD5

        a5c496552546b7e79d6228a3a419bf5d

        SHA1

        b29303a2d03d483baa2d5735df359c00aa9aed60

        SHA256

        2d0b45fa608dd8336722d85be930bb0d271fc407230a6f5082fdb3b058f67119

        SHA512

        c5d4973387ef18bfaaaf9ccf47fd0cbc485940fb77c59a4212bcf33c5cfc6b969d13bd34c3b7f5199925a7e40b19b4a3ae19cff5559c057fa106414c83775713

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        fdd504678a404fbffc560cd95a4363ff

        SHA1

        0e8a87142acaeadfe96f00ea117c05758b0514cc

        SHA256

        4b396f3b3d76cd75e64a47eb652ab93d6239a197fd9b32c66619d6a8ffbdc2da

        SHA512

        c6e5b506c5988072cbee535f18c89fec46fad599adff83a13ecb819bc157391a527eb5336c9c03392174a6ab345b699602fe9ecb0139a2a10a053f557ccc769f

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        fdd504678a404fbffc560cd95a4363ff

        SHA1

        0e8a87142acaeadfe96f00ea117c05758b0514cc

        SHA256

        4b396f3b3d76cd75e64a47eb652ab93d6239a197fd9b32c66619d6a8ffbdc2da

        SHA512

        c6e5b506c5988072cbee535f18c89fec46fad599adff83a13ecb819bc157391a527eb5336c9c03392174a6ab345b699602fe9ecb0139a2a10a053f557ccc769f

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        fdd504678a404fbffc560cd95a4363ff

        SHA1

        0e8a87142acaeadfe96f00ea117c05758b0514cc

        SHA256

        4b396f3b3d76cd75e64a47eb652ab93d6239a197fd9b32c66619d6a8ffbdc2da

        SHA512

        c6e5b506c5988072cbee535f18c89fec46fad599adff83a13ecb819bc157391a527eb5336c9c03392174a6ab345b699602fe9ecb0139a2a10a053f557ccc769f

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        26KB

        MD5

        fdd504678a404fbffc560cd95a4363ff

        SHA1

        0e8a87142acaeadfe96f00ea117c05758b0514cc

        SHA256

        4b396f3b3d76cd75e64a47eb652ab93d6239a197fd9b32c66619d6a8ffbdc2da

        SHA512

        c6e5b506c5988072cbee535f18c89fec46fad599adff83a13ecb819bc157391a527eb5336c9c03392174a6ab345b699602fe9ecb0139a2a10a053f557ccc769f

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-607259312-1573743425-2763420908-1000\_desktop.ini
        Filesize

        10B

        MD5

        743754b59d55d26c081d8f839a3662c8

        SHA1

        8e88e3bda53f58b9122f6f9c9a5f23f80e7be6c7

        SHA256

        bbb0f1aae4572c821fac1d6b7890df67d9f4a7576af30e70925192dded063e8b

        SHA512

        1e8d9e5e1651bd2aaef969713d949cc4ddab58c53d0be31392d660aedeb621a0f968196e4938d2ba75e40ebdb7557cee23bf5587877268cb087fdd09a8abba1b

        Download Submit

      • \Users\Admin\AppData\Local\Temp\182f83b9d943d4c7a5a80cc457035405270e23644616baf0def200995446c3ee.exe
        Filesize

        23KB

        MD5

        a5c496552546b7e79d6228a3a419bf5d

        SHA1

        b29303a2d03d483baa2d5735df359c00aa9aed60

        SHA256

        2d0b45fa608dd8336722d85be930bb0d271fc407230a6f5082fdb3b058f67119

        SHA512

        c5d4973387ef18bfaaaf9ccf47fd0cbc485940fb77c59a4212bcf33c5cfc6b969d13bd34c3b7f5199925a7e40b19b4a3ae19cff5559c057fa106414c83775713

        Download Submit

      • memory/1216-29-0x00000000029E0000-0x00000000029E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1768-16-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1768-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1768-12-0x0000000000220000-0x0000000000254000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-31-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-39-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-45-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-51-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-92-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-98-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-102-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-184-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2320-1852-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download