Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7ec9e2332a...e9.exe

windows7-x64

7

7ec9e2332a...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    196s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9.exe

  • Size

    203KB

  • MD5

    22367ee4b2c9954b7cd7e3415dcf894a

  • SHA1

    9f09bfa8f50559baadf83366725cdeec93f93f00

  • SHA256

    7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9

  • SHA512

    1b4537a3a002010077d78be40faedf7b1fad5ba6234597a5043da68b1753c490d646e7b886ec8ea2066175672141a8f6a5867b8a54caae4de73d944873d692b5

  • SSDEEP

    6144:pVfjmNt/zUPNXJnz1hfjnKgTAhduXIGp9Vxvb:/7+t/MXJnz1hfjnKg0uXIGLvb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3384
      • C:\Users\Admin\AppData\Local\Temp\7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9.exe
        "C:\Users\Admin\AppData\Local\Temp\7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2020
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a467A.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3808
          • C:\Users\Admin\AppData\Local\Temp\7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9.exe
            "C:\Users\Admin\AppData\Local\Temp\7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9.exe"
            4⤵
            • Executes dropped EXE
            PID:1980
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2984
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2840
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2192

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        8c2aa1cfa64939f392a147d610f646f5

        SHA1

        65b4e3c055a55fb1aea138fb6e2a3aac4b7a400a

        SHA256

        0967b3a5367a33b33108808e5ab9089d7582b5b202f3467d04b2c18a1127aa63

        SHA512

        6e3d208f17d862d48c0a7d94dbe8f4e333a96b6db175e6e35367a1aed4cc1caa64a137cdebde011bd7732ad757e0846838e5d5911df9e63dd4d138f038512e65

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a467A.bat
        Filesize

        722B

        MD5

        125f642bd8e269a4f3f11dab76eed04d

        SHA1

        0e2f8394e02f68d4a0c14790db51775804aa143d

        SHA256

        8c3c0fdcd8168ac26f0743bb575593155019d78eab2aa807c04749acb15af4a1

        SHA512

        b7e38e26c74009cc30369c25db5f48120ff2d7f6e7d54bf051a8630ed0e4be64a22063633715a61823809839236a3ba3ec05a5ed027f4de1f2a29322043fd7ad

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\7ec9e2332a8da4f40d544c350ab0603e0833946bddcffd43caab19edaa3b6ce9.exe.exe
        Filesize

        176KB

        MD5

        35fdbc2ed8d67b594f71bfbbbd9d0211

        SHA1

        fa18f37bfeb2662ab8fd376408aae7eb0f001cdd

        SHA256

        b581b4039e0c030a1f7368ee247c3049d6487ead7a5eae10f05d05c6489185c5

        SHA512

        a99807bc1c2ace7db4fae560c1ed0e9c75541743369d75f09ed7b782a22e47fb5a909789c911df9418b8e0cb883fd1ac981fa63b63a8db0e3e4aa0241cb33919

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        9e0bc600a539724474d993ba6152bce2

        SHA1

        f5eb402e6aad061d3775e719455e2f96023a426a

        SHA256

        4b5c7d6d585dcdf378555aecad7ad0d4d609ae281d6bc628669478c13ed0b4e5

        SHA512

        f2a4a0325c54861556f006ea4843c9a8cda8c8f282e7f9e7dc9a3b60905d022e38f80121375ed5f0b00b451596fcf6c4baaad5f5e0ae3db8b6f2cc12c09001c4

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-609813121-2907144057-1731107329-1000\_desktop.ini
        Filesize

        8B

        MD5

        eb3fe7085aac4986a5db69d6c382011f

        SHA1

        19c0d93bf576dc3bcf232628428d6218f91767a0

        SHA256

        41f6ad8112406e684ecf32a535c20fbac2db8d577e00b14197146b599a4b6ab2

        SHA512

        26ed6484407c76b27987c2ed0e5ec2522ea6053de299c486841195690c536d72d0569fb291a9b9a91ce74fa22f4c37c43b491f4d0ff00afb8771bd36a7dcf508

        Download Submit

      • memory/2020-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2020-3-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2020-11-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-28-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-30-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-35-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-40-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-44-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-67-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2984-906-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download