Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

40c99291a8...44.exe

windows7-x64

8

40c99291a8...44.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    3s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40c99291a8725ddde8157ba42e53aec62804e582bc699d4555302a9bd2456e44.exe

  • Size

    1.4MB

  • MD5

    d679cf07aef6c469c53595761b78a608

  • SHA1

    3a31e04b6a0d406375648dca872873385b455996

  • SHA256

    40c99291a8725ddde8157ba42e53aec62804e582bc699d4555302a9bd2456e44

  • SHA512

    f5b12f6b43f49a1cfd9201db712bfaae1ed42dd933aca7a8a25011856db3f5df093ffe2f00083e8d7d6b2644f40df9005145a69cc543ba329b986b6e3806642b

  • SSDEEP

    24576:IBvKKHgnhSC0badP0QiPYnSFELlFFx0A4cAhPSNfL1JD/tbOFmHPrEH7s:sKKAsadP0QiPzEz0AVISNT1JtMy1

Score
8/10
persistenceupx

Malware Config

Signatures

  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 9 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Modifies registry class 35 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40c99291a8725ddde8157ba42e53aec62804e582bc699d4555302a9bd2456e44.exe
    "C:\Users\Admin\AppData\Local\Temp\40c99291a8725ddde8157ba42e53aec62804e582bc699d4555302a9bd2456e44.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={CAEC6DD3-CA9A-F3F9-2FE5-E6561BA4C3EA}&lang=en-GB&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=defaultbrowser"
      2⤵
      • Sets file execution options in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1264
      • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        PID:832
      • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
        3⤵
          PID:912
          • C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
            4⤵
              PID:2316
            • C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
              4⤵
                PID:2032
              • C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
                4⤵
                  PID:1100
              • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NURGMkYzRDktNTE4Ny00RkU4LUJFNUEtNTQ3NDdBODAzNzEzfSIgdXNlcmlkPSJ7NjI5M0JERDctRjM0Ri00MjBBLUEzMjAtQURGNTEzMjBEMDQwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezNENkIxQTFGLTcwRDEtNDg5Ni04NkRDLTY1NThENDBBNUNBRH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zNTIiIGxhbmc9ImVuLUdCIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7Q0FFQzZERDMtQ0E5QS1GM0Y5LTJGRTUtRTY1NjFCQTRDM0VBfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyMTM4OCIvPjwvYXBwPjwvcmVxdWVzdD4
                3⤵
                  PID:2108
                • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                  "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={CAEC6DD3-CA9A-F3F9-2FE5-E6561BA4C3EA}&lang=en-GB&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=defaultbrowser" /installsource taggedmi /sessionid "{5DF2F3D9-5187-4FE8-BE5A-54747A803713}"
                  3⤵
                    PID:2496
              • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
                1⤵
                  PID:1608
                  • C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\109.0.5414.120_chrome_installer.exe
                    "C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\gui8C98.tmp"
                    2⤵
                      PID:1792
                      • C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\CR_560CE.tmp\setup.exe
                        "C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\CR_560CE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\CR_560CE.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\gui8C98.tmp"
                        3⤵
                          PID:472
                          • C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\CR_560CE.tmp\setup.exe
                            "C:\Program Files (x86)\Google\Update\Install\{4631C37B-AF9A-49E6-B254-7E3B0F730119}\CR_560CE.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f7c1148,0x13f7c1158,0x13f7c1168
                            4⤵
                              PID:3044

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleCrashHandler.exe
                        Filesize

                        73KB

                        MD5

                        c6c4c9dd566e2afb70149c0d1d8d5362

                        SHA1

                        c969928ab39828380ec54e8da4cb209cd95a4aa3

                        SHA256

                        0f401ac811cb9941fe2662b47df781bbbfa8ba332ff620dbf0f025ad41255ac7

                        SHA512

                        8f90f8dcea1af73ea0d2ade7e4b7b29fb440136347bde4df9556aaa7f1ed02baaaa26dce02b88c236ccc15e69b666f0f1e5a0c373ca82f5f463ab621f308b5ca

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdate.exe
                        Filesize

                        4KB

                        MD5

                        aab5a2ce501a9f1fe6d062645eee4dfa

                        SHA1

                        58348fa4bc127114185f3d9b469fcd02311dfeae

                        SHA256

                        21d7631f1ceb77004c31ae1fdb75822f0089c3ae6727e0f2fc32ffc219429e1f

                        SHA512

                        acfc8d23d467e8235f3ae96d0375f79bdbedc6fb821899063487a4a67bdc6cb7aa39674397a1049c6917ab314647c221d98abe2f068c1e933eacbaed3acc779f

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdate.exe
                        Filesize

                        80KB

                        MD5

                        5832604a99c40e4656e33346a407d5d1

                        SHA1

                        e372da046a7eb5f96d18d59d0554ff05618cb091

                        SHA256

                        7dd75bd8492c1bc1411b8eb9bd2bc907b68fc2b3abbdec2d7e3bcb16a9e623d0

                        SHA512

                        a955ef17bf3760b6e7c0a09ebe2d2e720a607d72ab77be37dc8734013f430a9748f2599c2b20c843cf5904231dc5819023b8a35c15fc3e545b55f2f25c0d5683

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdateComRegisterShell64.exe
                        Filesize

                        12KB

                        MD5

                        7b80e9f89210d92caa0a3e3a1dc54184

                        SHA1

                        4e03915696bbbf7070392ad1e4c8e098609a0b39

                        SHA256

                        8be2dc75fb8b5822cd7b842d21e972fc36b67bdae3a4d7996987a9ccab56d457

                        SHA512

                        a66bdae8a96209e85b3d60a5bff21e193eb56dabf14a007ac0f126465176e3968a0c59d55b3ad63e11bc020a1005c4b7909b1e4970978204b27bff38d03c59d6

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdateCore.exe
                        Filesize

                        34KB

                        MD5

                        14dab58547fd0c815c094eb82aabb1e1

                        SHA1

                        3c44b7270e9d3db1464db60fe73d9d852e395796

                        SHA256

                        a308531c4187cc34dbd8d551f95e38c9180ffdf9fcba931bc0322ec3a8dff364

                        SHA512

                        6e355c233192fe1969c10946f7749d65511ace44846f35abd44f4b7f4158405f616dd3fb1c7db557b368cf1d0a20f0f9e0b75723a13c40a5b4c89d3bbd3f7c3a

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\goopdate.dll
                        Filesize

                        12KB

                        MD5

                        216a03b2d0a0d5def140efc9bd5fc0f3

                        SHA1

                        0acc8fed3af5db021cc974ecd266841dce7b69cd

                        SHA256

                        1a90d3da8f81b987cc3a05604e85a1fe3aa02629255bc7724f116bd914e7b5fc

                        SHA512

                        6f71d8f4efdfe3e6ac8779efa409edb9e0f8e44262bc7f4627c968abfab98d9eabbb5ec6ec1cd57a06f5df26f918133fd3f59e2bba051f17aac9fb24c3b0fe65

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\goopdateres_am.dll
                        Filesize

                        7KB

                        MD5

                        c59adba66d42df54ea33c1b023e62037

                        SHA1

                        a327aa280be46e2bbbd3fbaaa5a40265847aca3e

                        SHA256

                        45737fbd14e057a5c495be7080e6e7a13903297f11dacf4c6f0e9e1d0316d531

                        SHA512

                        61b3588ac18619122a27de1da68e08ef5dbfca6c860c81f42c7f7655b41e778860bd45b780ee9dde35ce740be49abdd7a50fdab5679499b65bfca61d95e519ec

                        Download Submit

                      • C:\Program Files (x86)\Google\Temp\GUMA1BC.tmp\goopdateres_en-GB.dll
                        Filesize

                        42KB

                        MD5

                        02acce9239e5805169b4c5d181d8c9a5

                        SHA1

                        0020fdfacfa745589818382052aee3818eedfeee

                        SHA256

                        38b97394a4a2d2ddbde72cd49c70ea4670bb7eb3e2f14f17428fa9328200bd51

                        SHA512

                        41539b9319f8ef41726bc4b2912473c0a4e175978b61643740107a00710fb678b9a5f06fffbb2b70b1b9e9b69b20290afabfe1bed43f16d111918a7e19fff46a

                        Download Submit

                      • C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\109.0.5414.120\109.0.5414.120_chrome_installer.exe
                        Filesize

                        43KB

                        MD5

                        40b77663f120e306a08bb6a727f782b2

                        SHA1

                        ee12892afa1b5cb8fd7f9a538e0048ae71a1913b

                        SHA256

                        5baaa0792a808591a94d82d946126b5f452b1658b65484ea6085a2aae4efa50e

                        SHA512

                        767402781af6f0732a4275ff971f7f94db31b50566c9e3b62d7ea5d120f5e62e8cfef63ef6a4fcc4e39a1b14a03b3d4aa9868c069e3661f8cdeced4b02148e48

                        Download Submit

                      • C:\Program Files\Common Files\System\symsrv.dll.000
                        Filesize

                        175B

                        MD5

                        1130c911bf5db4b8f7cf9b6f4b457623

                        SHA1

                        48e734c4bc1a8b5399bff4954e54b268bde9d54c

                        SHA256

                        eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1

                        SHA512

                        94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

                        Download Submit

                      • \Program Files (x86)\Google\Temp\GUMA1BC.tmp\GoogleUpdate.exe
                        Filesize

                        8KB

                        MD5

                        5506089ab678e18b13c73127523df38b

                        SHA1

                        958b75f6a7920298f867f78f737d498278d53b3e

                        SHA256

                        5bb10ea3ea09dada7b8fb11f63f34401058bae5739682f757dc21e2dfde78fb9

                        SHA512

                        c67e2d3b0a26798dc988661437d7ec5c40c483e1f80ea056156d19d07ad971e297db0cf5633c3556475f5be54383822fb0962aa8e77625ac228e23f40d6cb014

                        Download Submit

                      • \Program Files\Common Files\System\symsrv.dll
                        Filesize

                        67KB

                        MD5

                        7574cf2c64f35161ab1292e2f532aabf

                        SHA1

                        14ba3fa927a06224dfe587014299e834def4644f

                        SHA256

                        de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

                        SHA512

                        4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

                        Download Submit

                      • memory/1264-385-0x00000000750C0000-0x00000000752B5000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/1264-96-0x0000000000840000-0x0000000000841000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1264-395-0x00000000750C0000-0x00000000752B5000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/1264-362-0x00000000750C0000-0x00000000752B5000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/1608-397-0x0000000074610000-0x0000000074805000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/1608-382-0x0000000074610000-0x0000000074805000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/2496-386-0x0000000074610000-0x0000000074805000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/2496-381-0x0000000074610000-0x0000000074805000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/2496-331-0x0000000000290000-0x0000000000291000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/2496-294-0x0000000000290000-0x0000000000291000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/2496-401-0x0000000074610000-0x0000000074805000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/2512-330-0x00000000775C0000-0x00000000775F5000-memory.dmp

                        Filesize

                        212KB

                        Download

                      • memory/2512-345-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-348-0x00000000775C0000-0x00000000775F5000-memory.dmp

                        Filesize

                        212KB

                        Download

                      • memory/2512-349-0x00000000775C0000-0x00000000775F5000-memory.dmp

                        Filesize

                        212KB

                        Download

                      • memory/2512-351-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-356-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-361-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-333-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-379-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-3-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-327-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-302-0x00000000775C0000-0x00000000775F5000-memory.dmp

                        Filesize

                        212KB

                        Download

                      • memory/2512-299-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-287-0x0000000010000000-0x0000000010030000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/2512-13-0x0000000000C80000-0x0000000000DCF000-memory.dmp

                        Filesize

                        1.3MB

                        Download

                      • memory/2512-5-0x0000000000C80000-0x0000000000DCF000-memory.dmp

                        Filesize

                        1.3MB

                        Download