Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

36aff1db39...60.exe

windows7-x64

7

36aff1db39...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36aff1db391ee697897996c69ccdc1a76c9d27f16b62378b2ec9671caa703c60.exe

  • Size

    26KB

  • MD5

    2d56a961d255da87aaf4362199cbc816

  • SHA1

    5de3bd0a605e586754b8901f39b0b210f2ee6e21

  • SHA256

    36aff1db391ee697897996c69ccdc1a76c9d27f16b62378b2ec9671caa703c60

  • SHA512

    50bd0773a1695278724fd7ef75321bb73114b92dc46c0feb1c172f2e549a4113fa9faef506788cf4c05a019a1d59cf1ceb3916f0b02bd7e9c09da37dcb34779b

  • SSDEEP

    768:p41ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL/:AfgLdQAQfcfymNr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3488
      • C:\Users\Admin\AppData\Local\Temp\36aff1db391ee697897996c69ccdc1a76c9d27f16b62378b2ec9671caa703c60.exe
        "C:\Users\Admin\AppData\Local\Temp\36aff1db391ee697897996c69ccdc1a76c9d27f16b62378b2ec9671caa703c60.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4672
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a37E8.bat
          3⤵
            PID:3132
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3540
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:4380
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:3760

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          251KB

          MD5

          d71c890d8041aa5f8fcc10e9278afc68

          SHA1

          26953285cf84630243be86b92fca3c387361f34f

          SHA256

          a84672808cd89a7a153ee2120799dd4d162be02fa136cc7d1fac501d1659a471

          SHA512

          194f42deb1a9401f6aa0c596d71707de465eddb86498040b64f9c94be5667b11f454d05d42ab03386a359e39405dbe15a4f475eb7057e85760800b0c8b86ba49

          Download Submit

        • C:\Program Files\MergeResize.exe
          Filesize

          340KB

          MD5

          ccde1c197f0388decaf73ad33b404d27

          SHA1

          4f9ecdc4947787200fedd36926a13ef9ccee95c6

          SHA256

          6937055cf79d5bd504f191fb12dad5924fc6fb078d8b8b27664812e144375d4a

          SHA512

          bdd9f66336dc042c251cdfd69f8cff31af34c61b717751fe9deacf218878a2b1479baddfa137a9546872a6d3e2eff81725712fade854e0d86ce035cd9fa8159b

          Download Submit

        • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
          Filesize

          481KB

          MD5

          1db5b390daa2d070657fbdb4f5d2cc55

          SHA1

          77e633e49df484b827080753514cc376749b0ceb

          SHA256

          d5fbaf5c0d8e313d4dad23b28cac4256c5dbed6ab3b0d797e2971f30c5e095ad

          SHA512

          68aa0152f5aae79a146c1813915fd16ec5454b285bd1781370923f97d6c147d53684192f7f4161e5c1a340959ec432ecaac127b0abe7d08f70c387e08ee4f617

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a37E8.bat
          Filesize

          722B

          MD5

          a22418234c3a65a3b3e43c2dadeb6345

          SHA1

          20b6f3ad6e09d0b9a24b2e027f7ecef3b26337de

          SHA256

          c195d169b74ed8e2ebef3fb9dff3e1fb57fb188f75dcf53fa2e7e9a505825601

          SHA512

          bb5d531374e7c669d1b15fb3d261ccdf3cfb2b05a6a5301157d8581fe2892278830b19b8d3bb88701dfc12ea8b2a16522a48d8005906d085b2d44f579d5731e9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\36aff1db391ee697897996c69ccdc1a76c9d27f16b62378b2ec9671caa703c60.exe.exe
          Filesize

          25B

          MD5

          fd52a26cc53d5dfce3bfaf0aca96d85a

          SHA1

          295cb026b9fc87fb41fcb5911831cf7ec8986aa0

          SHA256

          9e7be5dc178aa7a50c756baf297b0c5a5b3c13ce35a3723af5dba8ee5eb39b2e

          SHA512

          b2f83892ab09d73d36a8d28e6f53b88ba4f0c4632143b7f84e4da333960cac6969719bda23c173cf03665ce8bc36c533a41080240aa53bac3975c94d79403d26

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          26KB

          MD5

          4f100cba849d788770ac90cd66c97120

          SHA1

          ebb9cbf021afc23121a8c682a4a5b80240bddc37

          SHA256

          ae843e93ea4355adff60e584fc7186e05eaa40468b64510cc3dc501fc1db1fdd

          SHA512

          69f3c5f1efd10053e8debd76143a88755d5a035882b69c3bca7ebc93aa040e3ef0aede3e7691089485850dd3212abcc02b23acdc396878a6d2658419cec8a0ee

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-566096764-1992588923-1249862864-1000\_desktop.ini
          Filesize

          9B

          MD5

          20579de1c6702ea14f25df921a00274b

          SHA1

          fc7299007b5fb0580c7a3ef6ae0efd8aaf80a35f

          SHA256

          3eb24c26a19e67d7f499ccb30f78fc29bee126bafd13f41470223c1b8f2e1e4e

          SHA512

          e9a21ede4321b86e5d215d41321741f8db22b9eb92c1325026182c688311d5134041102a194d670abcbd182d2c91d5180ac9b7c9daaf9e41109a3b3d8e3c3d81

          Download Submit

        • memory/3540-36-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-25-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-31-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-40-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-1008-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-1175-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-1875-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-10-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-4742-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3540-18-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4672-0-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4672-8-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download