Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a5c0e52f7a...a4.exe

windows7-x64

7

a5c0e52f7a...a4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4.exe

  • Size

    2.2MB

  • MD5

    e7f27916866dc3c5c20b9d6b017b5eaa

  • SHA1

    7fd790606ae7f519f45022e63ec647784f052c15

  • SHA256

    a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4

  • SHA512

    dbbbe3731e93bd86881fa11aff6e6daf8a85a9f308b7ac26ed40ce6a22fe7ac0dfce2d898d55639f9a291913cf65f2d832115ce1c27adfe450124bc7da8e7983

  • SSDEEP

    49152:ODOh6fnFr1YGJ6HD/6RYfCzKzi1bgeCiD13EtMJNXV:yOfjSRYf1iB3P/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3416
      • C:\Users\Admin\AppData\Local\Temp\a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4.exe
        "C:\Users\Admin\AppData\Local\Temp\a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1500
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a34DB.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1396
          • C:\Users\Admin\AppData\Local\Temp\a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4.exe
            "C:\Users\Admin\AppData\Local\Temp\a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4.exe"
            4⤵
            • Executes dropped EXE
            PID:116
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4336
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4144
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3372

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        cdae1f54012ef122e2fa90c68b018ad7

        SHA1

        b3c20e121d5e6edb3e2aecc47d09d6c31a23c011

        SHA256

        15de13a231ffb9945fa3e860a3112923dffdef0b224de9f54bd18d272a0a71a5

        SHA512

        0d48e83cb31c9bc299ee0e8338aefe1aa4a040dc431136b74cd3608ff5aca1b2f58b83e50c6f8c6a5684e9da5e31a4e846854aa3a4c95446f46bd349a67a9192

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        f1fa25aad44f6d23d15bf0fe9942240c

        SHA1

        58a38f3cbfe3d90d952812e2c2fead293ee45556

        SHA256

        dd3ba3954c9b745dbc07724879681d25a7a92c60ea5a2609dae19a2537a25522

        SHA512

        ef2ef20408d959eab8f28b1495a4ad54e078cc46ea64b6de1107bd5efd7278bc6aefa22938b032f4a32c7d99c9158c4aaadf6d2e610c1c29ec4d009ae2096543

        Download Submit

      • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        Filesize

        482KB

        MD5

        ef2faa6fbcf12b63da1cf3e9283ad1cf

        SHA1

        2032ddc0f6ed9560583f70a279ca858b1e746409

        SHA256

        2c7657fe57ec426599ef848815689264720ffed5a0f9a5d33d07cafabeb43bf3

        SHA512

        46b169f4142d45197207d0015119145c12eb01150c6b742c5f3792b01d2e23bda9e25e181144f4b9963eefcff7ccb9d37fad4d27b044753325ceeaea330fa00b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a34DB.bat
        Filesize

        722B

        MD5

        1ffd19769440034e43b6309ab54e2a9d

        SHA1

        80dbce9deb2872ca3757f89667dc05bd5487a2da

        SHA256

        cd8d02e72394e5b9a724b58183361600a2055dc4a764359b144e6343eb644f98

        SHA512

        55f658e3b74db980d7c4863051252df55b07972df33217705c53eb3c29d472c70eb7fb0d2e9eb349f7c8c6291a021a33eaaa5936959fa924ecdc6aa242be4fcc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\a5c0e52f7a32f16a56b1e3409b96c2ef51899168bb086536c6d64774c65d63a4.exe.exe
        Filesize

        2.1MB

        MD5

        75e4e1db589ba3e9144e1a79d6dbb344

        SHA1

        97e7cdbbb049ebf7aedab67303d994715edf5b52

        SHA256

        abf73d033eed3f166df49c9a32255d2ad261a40df432b2338e39c417e0050f14

        SHA512

        c569357ef2943d2d107c261e89c46ed01a0e0e65141c153f60d177e981eb4e3c3533007e169b7826d14f0c961dfe0cf3923398a4d26a3dbb2e714eb51d10c7dc

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        f691a97a588c19faf9f6dda6390c094e

        SHA1

        5d5e3c33dde450fb7b1168b8eb4705c76bbae34f

        SHA256

        06e90c757f7dbbae2d605e715181af918a8bb56afa1caaa0a83a41fae0ffa9f9

        SHA512

        f89651464d3e685fd5f8b9b07d3b6feab8979c28ec84e480580b868cfab184401be1367060150525fa9d9260e88cac93a0e36f0b4046040b81d765ba93c1b460

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2132103209-3755304320-2959162027-1000\_desktop.ini
        Filesize

        9B

        MD5

        d69146fa3f15be895e219a620fdd153b

        SHA1

        fa21485227046ccf2d7638b4236f749862dd4b64

        SHA256

        406651396485eef0c407fc8241aeaa805a311294cdf7abb18ca20e8540694652

        SHA512

        b0509216c0bd6ad432374c98f3fc2f2919d9353e4bccf510b20e0cbbf8a0fdf77ccdeff786df0305f83f22865794cc675537e51de5a1478fc8431999566701c0

        Download Submit

      • memory/1500-8-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1500-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-26-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-41-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-28-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-1002-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-1165-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-19-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-4716-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4336-9-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download