Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

311d4debff...97.exe

windows7-x64

6

311d4debff...97.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2023, 07:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    311d4debffce8604501fbc5f49c9816a09005a228111e8fb2d32c40a57446b97.exe

  • Size

    29KB

  • MD5

    d63b0a38dd57c953778fc6996dced7b8

  • SHA1

    4c03454a4597f218de1a9c531fe68de370f211c6

  • SHA256

    311d4debffce8604501fbc5f49c9816a09005a228111e8fb2d32c40a57446b97

  • SHA512

    c4d6bf7eb7123d3f0ea709cc992814016cd13e50b4b3534518d6d66893b37067d76aaa6cd62dc9b646ce684a6da1a4d3900ed12f3e21fb03ec56a6cef4c4a0f0

  • SSDEEP

    384:NbbbKDvJ3IS01Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOj:pGJYS016GVRu1yK9fMnJG2V9dHS8

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1368
      • C:\Users\Admin\AppData\Local\Temp\311d4debffce8604501fbc5f49c9816a09005a228111e8fb2d32c40a57446b97.exe
        "C:\Users\Admin\AppData\Local\Temp\311d4debffce8604501fbc5f49c9816a09005a228111e8fb2d32c40a57446b97.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2140
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2192
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2756

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        180e5b6a402a1d6b8290ba4fcb473676

        SHA1

        a970f0cca9167d4df3e9a1938f5df488cd87694a

        SHA256

        4b05c61edded00bbb669f2132c109d54cba53cf98c289df28cb3c874c984d8bd

        SHA512

        9170c705b217ad9f78264a8ec5b34b0e6fc48e261aad9b5051c8ed1a65d71cfb2b75f01a7304779110b00b74668a2aa57bf691d202c93c3c2e78dbbc507552f3

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        876KB

        MD5

        a284287422ac938dd3aa51dc286e1258

        SHA1

        0991364692c9da2ffc7187309334f8082308f2d9

        SHA256

        c9821a7bfcb7d5e0eddb4322dc944f140b07f3245ac1566f227a731c82bbe63b

        SHA512

        c5a3646f70a31e690d52d73c232ef30c555e488432727307b285ace252e8aa8233c3216916b22a18ff27af2d8a1188902480fa3520c8070bfff94d59cd38797d

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3425689832-2386927309-2650718742-1000\_desktop.ini
        Filesize

        10B

        MD5

        b37b393b54a7359a4db72d7ede7217d8

        SHA1

        f72b757d8b265002cdbb349b309817684b06c790

        SHA256

        b2a681fd703549670a45f0f394a78843add6199a491ec7194d74454e7fa717a7

        SHA512

        7da2eacf26b7627db3ae5f29780bb8750b618f4e56b5b6576cae090c49b417c74d0df7402c6d07d9356004a70f5e9b968c14847d652df627d6a00227966f1772

        Download Submit

      • memory/1368-5-0x0000000002210000-0x0000000002211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2140-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-7-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-14-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-66-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-72-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-1825-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2140-3285-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download