Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

427f9615cf...01.exe

windows7-x64

7

427f9615cf...01.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    427f9615cf393b372949ae9b027a3e01.exe

  • Size

    330KB

  • MD5

    427f9615cf393b372949ae9b027a3e01

  • SHA1

    048293ce62da9d65a6df04ca57bdf0e0b90de2f6

  • SHA256

    8fd593fd43f03a3e1b2490663e0a642707b363666a653cd10fb14a3d1f2b67a7

  • SHA512

    804a90f01c9e4133684db3512202cbe7323bffe6686a7b2d5b0934d6a42ae15b12bf70bc7e4b3a8eed611e31a7da7c7c7e79573467d033db1943f916bf6fa61c

  • SSDEEP

    3072:CftffhJCu/IQqifsI2+wrIk95SICKPsyEjvTtQXkVqKgvqgyAN9tQRiBE+y/Z:SVfhgu/1x2F0iSIGN7pmvX9/Q9Z

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3364
      • C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe
        "C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2684
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6DF.bat
          3⤵
            PID:2528
            • C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe
              "C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe"
              4⤵
              • Executes dropped EXE
              PID:2492
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4044
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:1044
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:1140

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          131KB

          MD5

          db7ae8173a9712df1e3073af2f93fc54

          SHA1

          b298ee5348d534a20f34f674b5fa1315dd0ad51c

          SHA256

          2886245aacd885490d5b168a46ee7adf132f8a7962e2e5ad4e29491263352df9

          SHA512

          c8c091ad4103bd0f0b728443690ed8fb1128d87d8902a9c6b0f8dcb009e5def36c543d539e665fb2957df15b864a9d5d4be0603e1cf2a818188d74799d956768

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$aA6DF.bat
          Filesize

          530B

          MD5

          a09bf456aab9cad745d518499de7d04b

          SHA1

          d912f4f7541dc7771fe46451fd8eeeb20f216016

          SHA256

          2c6ed8200a60b086d4df826f39003cedd1d09647ae7897530cde4c6115e3674e

          SHA512

          c976ef0b9666507c98ff62631dc02d97e254f62b9074c09c94ff2669a270ce546caa3a94ce82e08b4f30a32198ad03ce77d039f6a54b77493aca8d0c954c9109

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\427f9615cf393b372949ae9b027a3e01.exe
          Filesize

          304KB

          MD5

          32856c61ab3c0711dbf54890dcd0755a

          SHA1

          d242f8115fec145dfdff0a0729f34991027bd7a3

          SHA256

          de6e79f384444aebb61c5d38044ea430c2911162d1a3770267a63ac2cd9c03ab

          SHA512

          00fd2b0e4965b7a85ca772a34fae8fdeca14dfc5bc347412ebe6d15017ebc07f22cd78d9f6f9f61c49ba26ba62a21bae6721488872be97a6ffd64616320f83a8

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          26KB

          MD5

          4deec1ee4c508e658e9ac56bd4e367d8

          SHA1

          8449fb96da6490e6abe8e6aa9cd38051f2c39625

          SHA256

          e4af0831fd974f9cbdbeca824ddeaf6d14472d0078aeb60fc3ed31c6189a763b

          SHA512

          7fab6020e1151beec9f8bc77c520c1ae60ec76815a24fbd5551b78a696611e5f9639f34671e84885fee17a227263b4904c47deedd0734c6c5b38fddfcd908b40

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-2398549320-3657759451-817663969-1000\_desktop.ini
          Filesize

          10B

          MD5

          dac5fda49398490d5c087360437ceda2

          SHA1

          93f612913565101624fc7a13c7e7d932bbc1a922

          SHA256

          803ca38dd859bfb259b80410b8adea5e7b38a655bc999501843102affc8ce9c5

          SHA512

          39315941c3f5f4fddfdaccd31758281415474d9f51b756f256473b1d343740fd98e7e339ede6db57765566d68da1009c8eddc4d67e59a47ed8f746ee94dea581

          Download Submit

        • memory/2492-18-0x0000000000010000-0x000000000002C100-memory.dmp

          Filesize

          112KB

          Download

        • memory/2684-0-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2684-12-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-23-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-20-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-28-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-34-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-39-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-43-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-8-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-904-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-1005-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4044-1168-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download