Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9cb7621b5a...d6.exe

windows7-x64

7

9cb7621b5a...d6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6.exe

  • Size

    1.5MB

  • MD5

    e7d75c65705def420338969ca9346ed6

  • SHA1

    1a17914edc6496284b75fbc62b5b3ba5e15c8dcc

  • SHA256

    9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6

  • SHA512

    57ab8ec6af0460f2e204519cfa76b9775770f1d2614547dc51e6eb55ff4d768a13dd834ed68eb075b6566d65309488c8a655bdd20d7793ecb2008c782fa8413e

  • SSDEEP

    24576:u7UwxMOKp26S1HVsr+jLuLLv7Z68uUo+fpaeVxLte60J3Tft32AgK9:u7U8Kp26S1HCr+jL6v7a+VVxLtpSTfx1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3536
      • C:\Users\Admin\AppData\Local\Temp\9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6.exe
        "C:\Users\Admin\AppData\Local\Temp\9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3080
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a66C8.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3588
          • C:\Users\Admin\AppData\Local\Temp\9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6.exe
            "C:\Users\Admin\AppData\Local\Temp\9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6.exe"
            4⤵
            • Executes dropped EXE
            PID:1952
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1148
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4384
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2952

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        ea3e7a80029fb4b8eaf381d61f94eb7e

        SHA1

        542cffe191c68dba2679f9e167d3f1e2c96a06f3

        SHA256

        f7d095c63ade32f4ba12501fb85ffb9f959d83c1e47076f2a05892339735715d

        SHA512

        0ee9e7288ea1fb905f14cf4983f1f591409ec671bef6f45b134aea0bdd8b0ba62251c77aa401a049b172b269cb442aa21fd4ae66730d137609e95e580d6a52bd

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        ea66bcb7b3139513d0867fc7988f4614

        SHA1

        0c2d102fdaff7cb773b7b882fb43fc9c62807e6f

        SHA256

        0ebfa63433f0eadaf9eac9e4b54426bc02b2aed6beab6e85ff016e2be1cbacb5

        SHA512

        310095819285517a9ff794787219bdaad38f79e760331786bdda426d24b65eca2c7128f686184ba1bced022eb64afd6055e439d11a821728688b4066d512f99f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\SogouPY.users\acc.dat
        Filesize

        80B

        MD5

        55fcb9561997ef317cdd3f157494f23e

        SHA1

        8734603217a6d5f48a6f7b5b2c668efb0c737aca

        SHA256

        85b2c3e24202fdec71625737ed4aaf94d0ada296d1188f55d01c64a94e0d2b4d

        SHA512

        1a4c3fa8168989bd0fa9560c45310630427bc7165cb059f8a8e4f781128640d4bbde9d113d94764acc1b98522541a8a3575ea7b43e33f90038b2251792d416e7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a66C8.bat
        Filesize

        722B

        MD5

        fbb2694b3d04a49b720c6faaf232d9bb

        SHA1

        49930eb59511facd138f73fe67ab2f20b38d5efa

        SHA256

        1d3eb59dc633f4631058c1814f804a6a4076384933e5267b8980dbe18c84252b

        SHA512

        4873597575a52ab6109da4384742e512a8f767b56e577b9a48f3b5adc0c67a08b8cb70d44fcf13db019a7ca88aee580cc5b817ae2be83b2bb116a873798c4deb

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\9cb7621b5a9832b63afe78fd1c5e2b39cc0612bca1fc070b5893dc54497b88d6.exe.exe
        Filesize

        1.5MB

        MD5

        452489aa25a4f305d8806f3015cd5a99

        SHA1

        b22260f546ace81ecbe40c2e4015ba8d46fcae39

        SHA256

        14485683fba34a02aa1d75ca143dd02a2c57568a867ceafbeac61fdc4e737dd7

        SHA512

        cfeaef480ba5fac3cb858fc1318300925edc24bbdfc9bb462055a863f32131b6aeac29f08d5d4ebcda013a0e8e76994b6c86d78c11344dd38ed896db4e0d57f7

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        80fc05d81eb2408243d8cb9531ead60f

        SHA1

        88c89a52d2d36a5d439acddcb4c75277ef69a2be

        SHA256

        be87f688dc39392e406c8da833e7e32bbeb62713d5fc6f4c0cdf10e07e04d178

        SHA512

        caad2f5f8a74f0fc436f3d147c8eaf8f428411c58c0c53647917a836b99a311ae6fecfe3bf152085933f2279b6b9eb38efc47b796d9e9f72f893c911014e8f61

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1815711207-1844170477-3539718864-1000\_desktop.ini
        Filesize

        10B

        MD5

        0c6beb6d4da16bbf902e01a42ff163f5

        SHA1

        aeeec783750199c10f8dd6e8aa828a44233e760b

        SHA256

        2c5a0b332a8c9449c746ee8dd0d751b77f5ff89c525609cd48a7959a9cf2e793

        SHA512

        3f4ec9bc64092ea98aee91777e052f410194ce728890df45cbeccb60c321c5547e52eaae747c8b64c4f8a9c22a04c0f20146bb7cc5826552ae23e3be8ccb7c3a

        Download Submit

      • memory/1148-29-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-36-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-42-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-47-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-49-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-520-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-1175-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1148-4726-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3080-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3080-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download