Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6e2f218462...19.exe

windows7-x64

7

6e2f218462...19.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319.exe

  • Size

    2.8MB

  • MD5

    bed10402647b0c71e83f2308d35f7c24

  • SHA1

    33aea471a0c92330d4a7297e3862e532a0368a1d

  • SHA256

    6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319

  • SHA512

    e0fec39571c0795d9dd7f261fa1ec5352d11d1d496fef4f8bf030aacfd9d9cc62e6849b5672824ae094e6b65c6f5aa71c3126fe6de8002ce9e2be6bf91a4b738

  • SSDEEP

    49152:X7T6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:Kd1XdhBiiMa7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3388
      • C:\Users\Admin\AppData\Local\Temp\6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319.exe
        "C:\Users\Admin\AppData\Local\Temp\6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:60
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a51BA.bat
          3⤵
            PID:1792
            • C:\Users\Admin\AppData\Local\Temp\6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319.exe
              "C:\Users\Admin\AppData\Local\Temp\6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319.exe"
              4⤵
              • Executes dropped EXE
              PID:660
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3284
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:2232
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:4636

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          251KB

          MD5

          72b78c7a0f4ed4969a8f107c0a03ec2a

          SHA1

          9d2c36fd60c6f5da7f2b53c00c0dd19f8f1734e3

          SHA256

          5ac58be3e267a5eaaf7eb8fe78e96254f37f6bffd1b203f0c7e2cc010f363f9d

          SHA512

          041ec2c15e297de846292a13b4af32d2a6f884e279fb9b387c12407ca756e80224c9319fbfd830e01b398991c139aeaf7bd30c7127bac3e8f1ec80fb9b3b5cc8

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          570KB

          MD5

          50f006b4784abbc5f9a2f7af1c8aa88b

          SHA1

          e600e94b110072573ea7d94034cc5ce2804572e0

          SHA256

          7ffe33e9377a9784954a7b93f2596751f99b0a4301fa8ad2824b8c3fea1c02d2

          SHA512

          b90e9150b3425fa17c98a0bd35713b65fb167c50ca45f8a21ebb16d835812fb6c4aaaeb7be2e9958d887c326414ccf8331ba3e6b3ca64e8c4b607e8625f5b48d

          Download Submit

        • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
          Filesize

          481KB

          MD5

          fcdc8cc5a6bdd2a9a0419a63c6fd22c0

          SHA1

          5386e28b9c3ef4aa6624f56932a620953bb65929

          SHA256

          700e37131587c29a553d547c5601cbff1c1d10de872dd597e11d81f11741516c

          SHA512

          5c170786968afb102bbe67d98d89934a6f9346f5e5a29036d52456bb0f7dd12e194579d8abb4358f02051074a3555a58599ee1176095adb3110eda6c39168e4c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a51BA.bat
          Filesize

          722B

          MD5

          1e6c199e21ccbe5e92af6ac8b3d990ef

          SHA1

          c06087c5552ff75a941f5c1476c2e6472389e93b

          SHA256

          00c9d15977c6f22f797b6b8f396d22d99e99e120cacf03037602b18fb74ddb94

          SHA512

          bd2870d2cd69263eca50ad439094014bcfa8bb275991b83b2b2023cd5672b560c8a54da266bd45b52f6c113d49b36ac67aad0b3c742f4e74a2cc03807fb83512

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\6e2f218462b91bf437e52ef0f13779c7958d483c3918a6dea808878aa5693319.exe.exe
          Filesize

          2.8MB

          MD5

          095092f4e746810c5829038d48afd55a

          SHA1

          246eb3d41194dddc826049bbafeb6fc522ec044a

          SHA256

          2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

          SHA512

          7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          26KB

          MD5

          117882df6beb3d0717ffa507994a5a45

          SHA1

          ca627aa3bd403f618ba52df98f058bd17575a937

          SHA256

          4a5e4f6790935a1b103d45a64f8677b8123d9a0bbb03fa6f62e4e27729f2d6e6

          SHA512

          af76c06ed35e1d70766de56fb839529f9b3c0be1c14694aa63d7bf4f470a08815a679b74153563b85f0fddf56f4f2632e2ea1b88fa6e05ee709df5ce8cfad1a4

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-983155329-280873152-1838004294-1000\_desktop.ini
          Filesize

          9B

          MD5

          20579de1c6702ea14f25df921a00274b

          SHA1

          fc7299007b5fb0580c7a3ef6ae0efd8aaf80a35f

          SHA256

          3eb24c26a19e67d7f499ccb30f78fc29bee126bafd13f41470223c1b8f2e1e4e

          SHA512

          e9a21ede4321b86e5d215d41321741f8db22b9eb92c1325026182c688311d5134041102a194d670abcbd182d2c91d5180ac9b7c9daaf9e41109a3b3d8e3c3d81

          Download Submit

        • memory/60-0-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/60-8-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-37-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-32-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-41-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-12-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-1008-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-1175-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-26-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-4740-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3284-19-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download