Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/11/2023, 09:11

General

  • Target: e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3.exe
  • Size: 39KB
  • MD5: 349babe461eb601756f45846bdac9367
  • SHA1: c9b3b6a3ff64f7248f0be157a4a8a68be78abb15
  • SHA256: e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3
  • SHA512: 10e8973adbec3c51e4b5ad09c3858fc26e46dd1149b6a740096c6246517bde41c7a7fbf0b5c04ae09c3c787cd900c5fb532e784f593f0d5dffaf212087c5f09a
  • SSDEEP: 768:8PL49svO5RroZJ76739/dZVdfpULiAYXjPrN+8WEjrZMYjV8mp8w:8Pve+Zk7VJbwlYXjPrsqrZMYR5p8w

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.
  • Enumerates connected drives (3 TTPs, 21 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive. The write to F:\$RECYCLE.BIN\...\_desktop.ini listed under Downloads shows the sample touching at least one of those drives.
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Runs net.exe
    net.exe is launched twice (PIDs 2196 and 2300) with `net stop "Kingsoft AntiVirus Service"`, each time handing the command to net1.exe; see Processes below. Stopping a security product's service before the main payload runs is a defense-evasion step and is the most actionable behaviour in this report.
  • Suspicious behavior: EnumeratesProcesses (30 IoCs)
  • Suspicious use of WriteProcessMemory (18 IoCs)
    The hits attributed to net.exe coincide with each instance launching net1.exe, which is how net.exe normally dispatches its commands; those two hits are not on their own evidence of injection. The hits on the sample process (PID 2360) are the ones worth examining.

Processes

  • C:\Windows\Explorer.EXE (PID 1292)
    C:\Windows\Explorer.EXE
    • C:\Users\Admin\AppData\Local\Temp\e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3.exe (PID 2360, child of 1292)
      "C:\Users\Admin\AppData\Local\Temp\e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3.exe"
      Signatures: Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\net.exe (PID 2196, child of 2360)
        net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        • C:\Windows\SysWOW64\net1.exe (PID 2440, child of 2196)
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      • C:\Windows\SysWOW64\net.exe (PID 2300, child of 2360)
        net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        • C:\Windows\SysWOW64\net1.exe (PID 2928, child of 2300)
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
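The process tree above is exactly the shape a detection should key on: a LOLBin (net.exe, then net1.exe) stops a security service, and the interesting process is the one two levels up that started the chain. The script below is an added example for this report, not tria.ge code and not from the sample; it rebuilds parent/child relations from process-creation records, matches `net`/`net1`/`sc ... stop <service>` command lines against a list of security-service name fragments, and attributes each stop to the first non-relay ancestor. The event rows are constructed to mirror this report's tree (images, PIDs and command lines as listed there) plus two invented benign rows; the `ProcEvent` field names are an assumption modelled on Sysmon Event ID 1, and `SECURITY_SERVICE_HINTS` is a starting list you would tune per environment.

```python
"""Attribute 'net/net1/sc stop <security service>' to the process that initiated it.

Added example for this sandbox report; not tria.ge code and not the sample's code.
Field names are an assumption modelled on Sysmon Event ID 1 process-creation events.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path as logged
    cmdline: str    # command line as logged


# Name fragments that mark security tooling. Assumption: extend for your estate.
SECURITY_SERVICE_HINTS = (
    "antivirus", "anti-virus", "defend", "security", "endpoint", "protect", "kingsoft",
)

# Binaries that merely relay the stop request; we look past them for the initiator.
RELAY_IMAGES = ("\\net.exe", "\\net1.exe", "\\sc.exe", "\\cmd.exe")

# Matches: net stop "X"  |  C:\Windows\system32\net1 stop "X"  |  "C:\...\sc.exe" stop X
# 'netsh ...' does not match because whitespace must follow net/net1/sc.
STOP_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?(net1?|sc)(?:\.exe)?"?\s+stop\s+(?:"([^"]+)"|(\S+))',
    re.IGNORECASE,
)


def _initiator(event: ProcEvent, by_pid: Dict[int, ProcEvent]) -> Optional[ProcEvent]:
    """Walk the parent chain; return the first ancestor that is not a relay binary."""
    seen = set()
    cur = by_pid.get(event.ppid)
    while cur is not None and cur.pid not in seen:   # guard against PID-reuse cycles
        seen.add(cur.pid)
        if not cur.image.lower().endswith(RELAY_IMAGES):
            return cur
        cur = by_pid.get(cur.ppid)
    return None


def find_security_service_stops(events: List[ProcEvent]) -> List[dict]:
    """One finding per (initiator, service), listing every relay PID that carried it."""
    by_pid = {e.pid: e for e in events}
    findings: Dict[tuple, dict] = {}
    for e in events:
        m = STOP_RE.match(e.cmdline.strip())
        if not m:
            continue
        service = m.group(2) or m.group(3)
        if not any(h in service.lower() for h in SECURITY_SERVICE_HINTS):
            continue
        origin = _initiator(e, by_pid)
        key = (origin.pid if origin else None, service.lower())
        f = findings.setdefault(key, {
            "service": service,
            "initiator_pid": origin.pid if origin else None,
            "initiator_image": origin.image if origin else None,
            "relay_pids": [],
        })
        f["relay_pids"].append(e.pid)
    for f in findings.values():
        f["relay_pids"].sort()
    return list(findings.values())


SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3.exe")
NET = "C:\\Windows\\SysWOW64\\net.exe"
NET1 = "C:\\Windows\\SysWOW64\\net1.exe"

# Constructed telemetry: the first six rows mirror the report's process tree,
# the last two are invented benign noise (an admin bouncing the print spooler).
EVENTS = [
    ProcEvent(1292, 0, "C:\\Windows\\Explorer.EXE", "C:\\Windows\\Explorer.EXE"),
    ProcEvent(2360, 1292, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2196, 2360, NET, 'net stop "Kingsoft AntiVirus Service"'),
    ProcEvent(2440, 2196, NET1, 'C:\\Windows\\system32\\net1 stop "Kingsoft AntiVirus Service"'),
    ProcEvent(2300, 2360, NET, 'net stop "Kingsoft AntiVirus Service"'),
    ProcEvent(2928, 2300, NET1, 'C:\\Windows\\system32\\net1 stop "Kingsoft AntiVirus Service"'),
    ProcEvent(4100, 1292, "C:\\Windows\\System32\\cmd.exe", "cmd.exe /c net stop Spooler"),
    ProcEvent(4101, 4100, "C:\\Windows\\System32\\net.exe", "net stop Spooler"),
]

if __name__ == "__main__":
    for finding in find_security_service_stops(EVENTS):
        print(finding)
```

Run stand-alone it reports a single finding: service "Kingsoft AntiVirus Service", initiator PID 2360 (the submitted sample), relayed by PIDs 2196, 2300, 2440 and 2928. The Spooler rows produce nothing, and a `netsh` command line is rejected by the regex rather than being mistaken for `net`.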

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
    Filesize: 264KB
    MD5: ed9e440a0da16922767eb10da17063bd
    SHA1: 23286db11962453099bb42fda8f135fedd9063fc
    SHA256: 1ee771bc21e70954f35c0f3e1fc7df2a65aa3a1dedc747b435f92c58235efdd8
    SHA512: 6c61a8c3ce559976bb6b34fce97cbce05c793ecd5283c663c9f142ce06b1e436a02ebffd710404306bb2f87ee216c66a2a5c1f3f1a2aef96fc3f5e6fccb2e185

  • C:\Program Files\7-Zip\7zG.exe
    Filesize: 607KB
    MD5: a4a392abf9b8a2172ef22ec968839a79
    SHA1: 25fb8ade24ae20b84e326d5397a9f83d0b054deb
    SHA256: d6af01e4ac32bc70794252d50776f1c5f607836eb054c3de34e1a790142e401b
    SHA512: 44449bc32cdd1a1a6420933fa5856f1fd526e4da1d6abc4b2b48e16bf7148cab3bc0130d41c362f6054052f46089b7e2e2f29db555290b12e87c266ef3d24408

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
    Filesize: 484KB
    MD5: e1d44503bd78f76397106dd8751c33da
    SHA1: adb60486590c24d54f43ca6b7ec7fd8d64ff16fe
    SHA256: 792791d8023b6fe39fb3f7519f0c31ee22a4accb61f6b824143a2d066ef32c44
    SHA512: a7cf931af36db667493710b50898eed4fa34cafa48686cb2c4ac6f1248d7b4907dacbd6f2df7d699b521d13304d70fb078b80305d8a815c0a566b502c42e739d

  • F:\$RECYCLE.BIN\S-1-5-21-2085049433-1067986815-1244098655-1000\_desktop.ini
    Filesize: 10B
    MD5: 1ac6500de33f973231298e1a1e1e7b38
    SHA1: ab3a765fb39e758f638f6b49a841300ec61ff961
    SHA256: f1e760f9e9b5eaeaa02cb5ca5dfc3ef6a19147a66053ed02ac52b7e2ce05a050
    SHA512: 25253907de7da7ecca0a76dfd1fb864992bc6bc092f29efb789ec2ad4d70aba377e0e28b4f64f602818ba9aefa83dc3454f07c58efdb90f38e0831354ce53f37

  • memory/1292-3-0x0000000002820000-0x0000000002821000-memory.dmp
    Filesize: 4KB

  • memory/2360-0-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB

  • memory/2360-7-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB

  • memory/2360-1727-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB

  • memory/2360-3570-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB

  • memory/2360-4061-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB
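The Downloads section is what you sweep an estate for after a detonation like this. The script below is an added example, not tria.ge code: `REPORT_IOCS` carries the SHA-256 values and sandbox paths copied from this report (plus the submitted sample's own SHA-256 from the General section), and `scan_tree` hashes every regular file under a root in one streaming pass and returns a hit for each SHA-256 match. MD5 and SHA-1 are computed alongside so a hit can be cross-checked against the report's other columns, but matching deliberately keys on SHA-256 only. The `demo` function and the file it writes are constructed for the stand-alone run; the function names are assumptions.

```python
"""Sweep a directory tree for files whose SHA-256 appears in this report's Downloads.

Added example for this sandbox report; not tria.ge code. IOC values are copied from
the report; function names, the demo directory and its payload are assumptions.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# sha256 -> path at which the sandbox recorded the file (copied from the report)
REPORT_IOCS: Dict[str, str] = {
    "1ee771bc21e70954f35c0f3e1fc7df2a65aa3a1dedc747b435f92c58235efdd8":
        r"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe",
    "d6af01e4ac32bc70794252d50776f1c5f607836eb054c3de34e1a790142e401b":
        r"C:\Program Files\7-Zip\7zG.exe",
    "792791d8023b6fe39fb3f7519f0c31ee22a4accb61f6b824143a2d066ef32c44":
        r"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe",
    "f1e760f9e9b5eaeaa02cb5ca5dfc3ef6a19147a66053ed02ac52b7e2ce05a050":
        r"F:\$RECYCLE.BIN\S-1-5-21-2085049433-1067986815-1244098655-1000\_desktop.ini",
    # the submitted sample itself (SHA256 from the General section)
    "e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3":
        r"C:\Users\Admin\AppData\Local\Temp\e8e38d603907283850682453149864e35c207fe161689f3a5a905043a158c6b3.exe",
}


def digest_file(path: Path, chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute md5, sha1 and sha256 in a single read so large files are streamed once."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def scan_tree(root: Path, iocs: Dict[str, str]) -> List[dict]:
    """Return one hit record per regular file under root whose SHA-256 is in iocs."""
    wanted = {k.lower(): v for k, v in iocs.items()}   # tolerate upper-case hex
    hits: List[dict] = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        try:
            d = digest_file(p)
        except OSError:
            continue  # locked or unreadable file; log it in real use
        if d["sha256"] in wanted:
            hits.append({"path": str(p), "reported_as": wanted[d["sha256"]], **d})
    return hits


# Constructed payload used only by the stand-alone demo below.
DEMO_PAYLOAD = b"constructed demo payload, not one of the reported files\n"
DEMO_SHA256 = hashlib.sha256(DEMO_PAYLOAD).hexdigest()


def demo() -> dict:
    """Write a constructed file into a temp tree, then scan it with a constructed IOC set
    and with the report's real IOC set (which should not match anything here)."""
    root = Path(tempfile.mkdtemp(prefix="ioc-scan-"))
    (root / "sub").mkdir()
    (root / "sub" / "a.bin").write_bytes(DEMO_PAYLOAD)
    (root / "other.bin").write_bytes(b"unrelated content\n")
    return {
        "constructed_hits": scan_tree(root, {DEMO_SHA256.upper(): "constructed sample"}),
        "report_hits": scan_tree(root, REPORT_IOCS),
    }


if __name__ == "__main__":
    for hit in scan_tree(Path("."), REPORT_IOCS):
        print(hit["sha256"], hit["path"], "->", hit["reported_as"])
```

Point it at a mounted image or a live host (`scan_tree(Path(r"C:\"), REPORT_IOCS)`) to confirm whether the files the sandbox saw under Program Files, ProgramData and the F: recycle bin were actually written on the box being triaged. Matching on SHA-256 rather than MD5 matters here: the report lists both, but MD5 is collision-prone and should only be used to cross-check a SHA-256 hit, never as the sole key.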