Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

b387d22f30...3b.exe

windows7-x64

6

b387d22f30...3b.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    153s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b.exe

  • Size

    26KB

  • MD5

    7b0d0d6e90e730da617cadad201595d4

  • SHA1

    10255eb44d25ef90577bfb4027450345ec244544

  • SHA256

    b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b

  • SHA512

    43a2d077f666c2b4695019203c1084c6404d5000664446bb32887040eb4443c866e02ae4fe2d412126081a9215767c162a87405c05b844829cf428e16dc2ff58

  • SSDEEP

    768:7f1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoGwXnKx:7NfgLdQAQfcfymNG+Kx

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b.exe
    "C:\Users\Admin\AppData\Local\Temp\b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        3⤵
          PID:772
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:3188

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        49bd7a2d4e4c6cb85e53a405401bb97b

        SHA1

        69486189591789565ff332a2fe629f208eb1fb5c

        SHA256

        8e56abbed3c9ae0870958f2970e4408e6df8707d30b78da261add9fad3215565

        SHA512

        052eba26c5ecb96174839bcfec2b3274a7c1c890ab734a8744dcbfed96ee05f7ce98c94adb560a8b1b7d364170f3bba6b1b44dd2408cd25f7aa09fed4d7f3f1f

        Download Submit

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        Filesize

        2.8MB

        MD5

        4805864bfb70a87988d4b3ccf1aa54a6

        SHA1

        d41bbc3d91e226f7ae76ce8983efd78159225851

        SHA256

        c77b0d0c75e8c2d597bed2ab19b87c23617cf52257f58c8dbabff8ac621cf0ac

        SHA512

        e17fa8b9ff92a67ae7cb7b43b7ef843b7aa9a6defe35d7ae9aa04989157ae078e6e8576fc55be9f7432f64f6d6fff2bbca0bdb77c47e099e586782b2e671c8de

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1873812795-1433807462-1429862679-1000\_desktop.ini
        Filesize

        9B

        MD5

        35dff1b2d2822022424940d4487e8d0d

        SHA1

        cf3c5e0326ffacd39689a35b566c8d3c626cc96b

        SHA256

        0432a628b4273444218f05d7d906b391ab84e1d51bc1b084c37456324e0f84ae

        SHA512

        91c1e3f5497c8c249e695b9e6f844f141b8747d5d1c5d23d09a2e39aae974cfcfe26b6a4580904b87aa495d452df942937fd721ff8189016a59f61c0835e1665

        Download Submit

      • memory/396-10-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-19-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-24-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-25-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-29-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-909-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-1072-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/396-5-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download