Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

427f9615cf...01.exe

windows7-x64

7

427f9615cf...01.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    427f9615cf393b372949ae9b027a3e01.exe

  • Size

    330KB

  • MD5

    427f9615cf393b372949ae9b027a3e01

  • SHA1

    048293ce62da9d65a6df04ca57bdf0e0b90de2f6

  • SHA256

    8fd593fd43f03a3e1b2490663e0a642707b363666a653cd10fb14a3d1f2b67a7

  • SHA512

    804a90f01c9e4133684db3512202cbe7323bffe6686a7b2d5b0934d6a42ae15b12bf70bc7e4b3a8eed611e31a7da7c7c7e79573467d033db1943f916bf6fa61c

  • SSDEEP

    3072:CftffhJCu/IQqifsI2+wrIk95SICKPsyEjvTtQXkVqKgvqgyAN9tQRiBE+y/Z:SVfhgu/1x2F0iSIGN7pmvX9/Q9Z

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1220
      • C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe
        "C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1732
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a9DB6.bat
          3⤵
          • Deletes itself
          PID:2220
          • C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe
            "C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe"
            4⤵
            • Executes dropped EXE
            PID:2824
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2084
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2500
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2776

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        d6ba8cba8342c3088ca603a7853ba889

        SHA1

        3b98fb0e636d7fa449d80f7dc03586a845ef53d6

        SHA256

        e0eef1fc8924f7f4da010520e7978d95d1f648476c5730af7ca12615452103ad

        SHA512

        fa7ee684342ecfcb1025c0722f881762c7966e25a222e7d7996601fc6698e95ce6f8d0283b2c58b95103c2e21e7c0d237182aaa7e0f569cfc7ebd9c6a227297b

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        320KB

        MD5

        a509967b3e0cfd8edeeff02e55d1c4ac

        SHA1

        a8bd9e7fd635329f2b07825dbc537b11a0791c9d

        SHA256

        8ef02e9041051fbb76ac982679a3ba81cd71386fa7b1f69ea869964128b2221e

        SHA512

        66f152b54fb7832cba5d070bcb02982b6978500ee52cfc2fc9b3e1c93bb237be640e653113be1990663628c69f956615a1848d1f79f3ff176a500dae3cb39514

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a9DB6.bat
        Filesize

        530B

        MD5

        2f32c8c17278680244257dd520a34d73

        SHA1

        6cd959dc99426f9ccb9c5edadf9bba59efce8e30

        SHA256

        5b3bf1e195af8f63dc7292c78fb63230917f4d0964216ac715415651fe9a9f3f

        SHA512

        8b472940c296f0be7d093c2ce60634d51d28fe6e1c7e887fb21fc01027e16428335db4e02e738cd9dfe00d2cff829f2f7fdda430bad1aacc47d60405d4ad6542

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe.exe
        Filesize

        304KB

        MD5

        32856c61ab3c0711dbf54890dcd0755a

        SHA1

        d242f8115fec145dfdff0a0729f34991027bd7a3

        SHA256

        de6e79f384444aebb61c5d38044ea430c2911162d1a3770267a63ac2cd9c03ab

        SHA512

        00fd2b0e4965b7a85ca772a34fae8fdeca14dfc5bc347412ebe6d15017ebc07f22cd78d9f6f9f61c49ba26ba62a21bae6721488872be97a6ffd64616320f83a8

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        4deec1ee4c508e658e9ac56bd4e367d8

        SHA1

        8449fb96da6490e6abe8e6aa9cd38051f2c39625

        SHA256

        e4af0831fd974f9cbdbeca824ddeaf6d14472d0078aeb60fc3ed31c6189a763b

        SHA512

        7fab6020e1151beec9f8bc77c520c1ae60ec76815a24fbd5551b78a696611e5f9639f34671e84885fee17a227263b4904c47deedd0734c6c5b38fddfcd908b40

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3427588347-1492276948-3422228430-1000\_desktop.ini
        Filesize

        10B

        MD5

        dac5fda49398490d5c087360437ceda2

        SHA1

        93f612913565101624fc7a13c7e7d932bbc1a922

        SHA256

        803ca38dd859bfb259b80410b8adea5e7b38a655bc999501843102affc8ce9c5

        SHA512

        39315941c3f5f4fddfdaccd31758281415474d9f51b756f256473b1d343740fd98e7e339ede6db57765566d68da1009c8eddc4d67e59a47ed8f746ee94dea581

        Download Submit

      • memory/1220-29-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1732-16-0x00000000002B0000-0x00000000002E4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1732-15-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1732-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1732-32-0x00000000002B0000-0x00000000002E4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-39-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-45-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-91-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-98-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-370-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-1850-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-31-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2084-3310-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2824-27-0x0000000000010000-0x000000000002C100-memory.dmp

        Filesize

        112KB

        Download