Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

13b50062c5...67.exe

windows7-x64

7

13b50062c5...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67.exe

  • Size

    1.5MB

  • MD5

    d66053fc3341ec49521bb008a56e13b3

  • SHA1

    5ca1c63da94631735373223ae40c4fa4cbb9505f

  • SHA256

    13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67

  • SHA512

    7ff67562c7fc81617a99c30a42ff538984ac769906b317585ad13fa0d2f3cce2629c75b05f0b654bda9e5b1e1d621f6e6492a280ff8c19593658e8373187b7ac

  • SSDEEP

    24576:oj7Qyl1u7cftBwMIrQeuuGUcrXT9GFWpiZ8eFDhrWBvO0yjm0Eeek:67ojMrXTgFW0CeFDhrwvoek

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Program crash 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3408
      • C:\Users\Admin\AppData\Local\Temp\13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67.exe
        "C:\Users\Admin\AppData\Local\Temp\13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2196
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a593C.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2980
          • C:\Users\Admin\AppData\Local\Temp\13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67.exe
            "C:\Users\Admin\AppData\Local\Temp\13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67.exe"
            4⤵
            • Executes dropped EXE
            PID:2608
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 568
              5⤵
              • Program crash
              PID:3868
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:228
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4696
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3844
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2608 -ip 2608
        1⤵
          PID:2808

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          251KB

          MD5

          aeb069adcbfda1491d76c00c205f8b3c

          SHA1

          e57c21f18dbcd4c6fa2f044dd2cbd5c2ad2dbe36

          SHA256

          e1abd7c73068925ef6f6906db37c5a1648c1ab0992f06c47f0fe5ad51756afcc

          SHA512

          ba8c1f500d0ee704ba55b13fbaf50d70bac18de4def90ac3c5fd90adc298b8d314eb69a11ac5b4efa78d2ece2b524d8ee0a6566c9b3713356fb2610a17d3ef25

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          570KB

          MD5

          8316b532fbd800aabd491e6d42b6591e

          SHA1

          73b3fdd2f42ad94767e59265838347c7fa14f9f8

          SHA256

          5b6f9c2eb304f4a1cebff1e3d50cbd51c5c8905153be2b0cc9a9ba20cc4de313

          SHA512

          de24f5d63ac1d180a0a97ed950e77292c3d20337a7079e7555f4973ff561aebe07a76ac28ec538db4f76e4bcea7c1344b6ecf231ec1171599088da1df0916728

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a593C.bat
          Filesize

          722B

          MD5

          eb10d9c13cc0db400a592b3f9528e546

          SHA1

          5dde817cf03ba213148eafc780f1a6e5896a723a

          SHA256

          ee4a67586bad5447e96e33cc648e2a0d453f3a8584e1ae6a4f15db7e845eddc5

          SHA512

          a9e33c79eee34c799bc2b349f8abcf39905fe9eae441496dcc091abcd67c6545f537e9d0bc6167c7eafb0d3e69f2d5c937d1c0a8d483eda4e06dd33623896126

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\13b50062c59c817eeb93fc9fe50b43595b537a40aa18f3d12f2f5ba389218b67.exe.exe
          Filesize

          1.5MB

          MD5

          5a92913765d0363713a5ab9b93a99161

          SHA1

          6dd616093e601c59afd3750a3a6c6cd136fa570a

          SHA256

          5d677e6d02b9fd815f2d536b65da46e809eb9209e534c9accd0333726eb5db71

          SHA512

          72a4d7823fdf60387cba2f244844c4868d53574492c1312ccdb28865d16456c6c8968a56452690edba3763a1da1ca4bcb2a1513f3b1c94487063a4219b80e41f

          Download Submit

        • C:\Windows\rundl132.exe
          Filesize

          26KB

          MD5

          87ff48e9d7eb3205fc1ac497dac87d3c

          SHA1

          7a0ecfa28b8d30ade1775aae68586a4a94a08377

          SHA256

          06af54c48a12dce50cfdad33d0ec7b710329c9d690644be5d2184b9b1c903ad9

          SHA512

          ff1a42da2c0fb4d7c4dddab6952fd373c784758aecee9e635f28af265f7a3500818f94ceedd90c365bda9a0f131c097a38f969eddc605b7499d5d31f6741173f

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-3054445511-921769590-4013668107-1000\_desktop.ini
          Filesize

          9B

          MD5

          d69146fa3f15be895e219a620fdd153b

          SHA1

          fa21485227046ccf2d7638b4236f749862dd4b64

          SHA256

          406651396485eef0c407fc8241aeaa805a311294cdf7abb18ca20e8540694652

          SHA512

          b0509216c0bd6ad432374c98f3fc2f2919d9353e4bccf510b20e0cbbf8a0fdf77ccdeff786df0305f83f22865794cc675537e51de5a1478fc8431999566701c0

          Download Submit

        • memory/228-32-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-19-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-26-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-9-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-37-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-42-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-378-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-1165-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/228-4716-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2196-12-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2196-0-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download