Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
37ffb891342...7e.exe
windows7-x64
77ffb891342...7e.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$R1/baidu_...an.exe
windows7-x64
$R1/baidu_...an.exe
windows10-2004-x64
$TEMPLATES...at.exe
windows7-x64
1$TEMPLATES...at.exe
windows10-2004-x64
1$TEMPLATES...cs.dll
windows7-x64
1$TEMPLATES...cs.dll
windows10-2004-x64
1KDocks.exe
windows7-x64
3KDocks.exe
windows10-2004-x64
3uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
29/01/2024, 13:44
Static task
static1
Behavioral task
behavioral1
Sample
7ffb8913420ecfe98527201694da927e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7ffb8913420ecfe98527201694da927e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$R1/baidu_dizhilan.exe
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
$R1/baidu_dizhilan.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
$TEMPLATES/installstat.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
$TEMPLATES/installstat.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
$TEMPLATES/statistics.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$TEMPLATES/statistics.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral15
Sample
KDocks.exe
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
KDocks.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral17
Sample
uninst.exe
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
uninst.exe
Resource
win10v2004-20231215-en
General
-
Target
KDocks.exe
-
Size
427KB
-
MD5
73231e8612e3955b328528efda1b33c8
-
SHA1
e6f3c4ce06365cb18141105e9c163f3d01db22c7
-
SHA256
ff83005725b53746345cb92ffd49a49458325e4fc757248923a034d95804759f
-
SHA512
597dd7c9e4576e8db7ac98c9d6c366702d1d3c4e3bf410ed7fa9015211e9610fb9627ef4820373a5101e2b8b406d477a8974beee7e102d33807cbeec15833a5f
-
SSDEEP
12288:ECybNrrHyjWTa2wc4TXtUkAhZgT6+DzgNw:qdrS5kGtdFG
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 1788 KDocks.exe Token: SeIncBasePriorityPrivilege 1788 KDocks.exe -
Suspicious use of FindShellTrayWindow 8 IoCs
pid Process 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe -
Suspicious use of SendNotifyMessage 6 IoCs
pid Process 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe 1788 KDocks.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1788 KDocks.exe