Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d47c8e17db...56.exe

windows7-x64

7

d47c8e17db...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 04:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856.exe

  • Size

    713KB

  • MD5

    685343f59bbf29ef174a21ceab8c49ce

  • SHA1

    6376efa7df6a519ac88388319213227409628881

  • SHA256

    d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856

  • SHA512

    c1d3f3ac571ccfaf0960458777ecdb9dd0cdbd645a555a870162f6539d5b9317047a3f08656b19a3f16b3298b874da551fb6d8c0a1f4e5efe687b0082e14ee80

  • SSDEEP

    12288:PfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:nLOS2opPIXV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:1288
    • C:\Users\Admin\AppData\Local\Temp\d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856.exe
      "C:\Users\Admin\AppData\Local\Temp\d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a476C.bat
        3⤵
        • Deletes itself
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Users\Admin\AppData\Local\Temp\d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856.exe
          "C:\Users\Admin\AppData\Local\Temp\d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856.exe"
          4⤵
          • Executes dropped EXE
          PID:2672
      • C:\Windows\Logo1_.exe
        C:\Windows\Logo1_.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2956
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2648
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            5⤵
              PID:2544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      254KB

      MD5

      a036bc46b8f17b2af3637b788423d6b3

      SHA1

      f1ffdfb2ecf8ef1bfddcf0a2a42ac62c234bbf87

      SHA256

      bc659808d3143ea5818d3939662cc861ebc1b7d58c3dc08705017af49a700b1e

      SHA512

      b72703148c657255dc4f10b8b101f19385f0b487a503408b79d91bd1ace979e8374c938bf7d5bd590b1ef277b02837701252792b8b92917640591f27199aefe6

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      474KB

      MD5

      c14a5111b798cff20d7d66b0e035d409

      SHA1

      29f0894552b30815fed6ad231b5721e876869552

      SHA256

      fd6f57dc1b82f6301cbecbf9db5728a9a69b10e3edbf4f8a1dfef571c77a6cb6

      SHA512

      a4d8b74216c76fa3d48ab7300452725602bc6d5bcc0e6c23d458d65362cd24751f23755180ae69633090b172e95f18f225c0cb4a71dd1e050d8b3dff466e7f1b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a476C.bat
      Filesize

      722B

      MD5

      9f1e889df1d087168b56933b89a0e5d5

      SHA1

      cdecda0f61abd889c49fe381041508a5c42e0ddf

      SHA256

      136eb4a7da8e695d564af0a4e2b85c07a18822518fc22e6df9f94ab9ea55577c

      SHA512

      06e965eda64591fc6b171d122a00089e95e59af0775a545705e3a95e9846acdcddebc87b8b80caeae19e3de3cf3c91bc14aeaa6d2ac3ce66df1adc1b734d946c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d47c8e17dbda310c11b8f769b3421a7de3b48b5397706d0e45bd4fe569ee2856.exe.exe
      Filesize

      684KB

      MD5

      50f289df0c19484e970849aac4e6f977

      SHA1

      3dc77c8830836ab844975eb002149b66da2e10be

      SHA256

      b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

      SHA512

      877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      29KB

      MD5

      3779b7c17bd509ec3a5074fe2d4b29d1

      SHA1

      03ad48fea32d38ae5b61e125aece75b5eb4e564d

      SHA256

      6e33fc0dcbafb1c8b0f74ba3d95f64c1240c4a6ebb3e93888c6324b81a722453

      SHA512

      28a8fa23da21f7a77aaecb5dcb1ad0cce08d1118ef8644276ff258c583d0ab102ec861f1fe623b856e36e65d04db3dfb7db3973b2e1b56eff136b965da26aead

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-406356229-2805545415-1236085040-1000\_desktop.ini
      Filesize

      9B

      MD5

      02ced53ce3f5b175c3bbec378047e7a7

      SHA1

      dafdf07efa697ec99b3d7b9f7512439a52ea618d

      SHA256

      485bb2341321a2837fd015a36963ea549c7c6f40985e165fd56c8a1e89b3f331

      SHA512

      669dde3ea8628704d40681a7f8974cf52985385c92a61a540c97c18c13eb4d451207ae171b2a56cd061cadbc90e672a84eb55111b1f5016846918d73fb075c99

      Download Submit

    • memory/1288-32-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1908-44-0x0000000000220000-0x0000000000256000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1908-16-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1908-20-0x0000000000220000-0x0000000000256000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1908-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-43-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-50-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-96-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-102-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-233-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-1855-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-36-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-3315-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2956-21-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.