Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b7f591fb29...b0.exe

windows7-x64

7

b7f591fb29...b0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7f591fb291274d83fb3934deb64d441a98f338098a89b739dcdb61c65bd60b0.exe

  • Size

    26KB

  • MD5

    7cbf4232c6051cd8df6c85c2778bbd09

  • SHA1

    c395b7742e98a95e1f868f53f5c5f9e135b0d06d

  • SHA256

    b7f591fb291274d83fb3934deb64d441a98f338098a89b739dcdb61c65bd60b0

  • SHA512

    3e27bfd80c314d90eda5c395904bbe9a03a8ed374b995c6433ef8ea7b0d2762f98171f531b95f1152646f05beebfcb972e014c6d5f2b07015887e8da3c360894

  • SSDEEP

    768:Sa1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLC:VfgLdQAQfcfymNu

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3592
      • C:\Users\Admin\AppData\Local\Temp\b7f591fb291274d83fb3934deb64d441a98f338098a89b739dcdb61c65bd60b0.exe
        "C:\Users\Admin\AppData\Local\Temp\b7f591fb291274d83fb3934deb64d441a98f338098a89b739dcdb61c65bd60b0.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3400
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a33A3.bat
          3⤵
            PID:1684
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3156
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:3576
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:3432

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          251KB

          MD5

          8763dd1e5a4d9a5e14aaac162f8010f2

          SHA1

          b3a1ef6416daeb9dadcf5dadd8fb541b724cbc71

          SHA256

          a12aa0944df5ca9d29f5af6c2a94b7923153e754ae714e3f6ab5776de277ade6

          SHA512

          6fc613191309cfff8eef7db9bf990ed7d28f160384a0629b519a326a650f6f16dbb5a49705931b5ed7ebc719044f6360d4efa2dd5f4b69eec6d01386c5b3c167

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          570KB

          MD5

          f9cc9ae17d368f8d0e728a90ada03a0c

          SHA1

          60d6d21dca7fe3e657bad276ad951d3dcccd68b5

          SHA256

          601f6a14f956580a3c59ad6cd2537995fcd89a9920f4bc02c9a5d3cd41b25930

          SHA512

          9abd366ce5faad5c3a289f646fe02432ad5d3cf763ca50eee2517e0c4bb76e6198db9633eaedd8bfa944384bd95fb1c758684587a2f1b6801acc8d2607987ccf

          Download Submit

        • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
          Filesize

          636KB

          MD5

          2500f702e2b9632127c14e4eaae5d424

          SHA1

          8726fef12958265214eeb58001c995629834b13a

          SHA256

          82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

          SHA512

          f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a33A3.bat
          Filesize

          722B

          MD5

          4ddff8bc9eafaade64680ddab72d8e2a

          SHA1

          4d4d627b48da81889326a590836c54580fd1e894

          SHA256

          09cbba1aaa7d71a9a67885b28519d5f07bab6502910595cdb4362b975b4bd49d

          SHA512

          3195665163f284f0ba930b14d6ad517579d6d81ea21edd42667911f7da03297c127569c9f2d1a2c93645f8a676e1eae5d898fdf1f2381ec70d83e3be206aadd3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\b7f591fb291274d83fb3934deb64d441a98f338098a89b739dcdb61c65bd60b0.exe.exe
          Filesize

          162B

          MD5

          380bbf4d7bdac05d2248b49c4188cd92

          SHA1

          ae83ef83ebe684eab30ab3ca431e4f84994fd60f

          SHA256

          b97278e320af9d3d990703fd1af322e7c4b568a92f6a736149c1648b2f07a7c2

          SHA512

          06fe7a78b558b7581b52f8d65a6a8a62338a429e550c91ad4ba5cc3f445da83ee86b99e5c7dfbd9bbfcc12895215d2a329756dc6b24ef8313f70658abc08db15

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          26KB

          MD5

          d46a2a6f2a522cb6c3bde1532d2cd3fb

          SHA1

          e36c018fe56222afda400c8848306dea3f8f0019

          SHA256

          874f065e5732aece11a9bb35e2bb35016d90ff1f51fefbd776c5d156250389d4

          SHA512

          a2c74399ddb660b3a9e166b9ac546987506ea260089f530e83380ca6dd3bf63aff15aca581e56627cb6e67fc8780b2abcc70913518a6650926fe664774016f57

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-259785868-298165991-4178590326-1000\_desktop.ini
          Filesize

          9B

          MD5

          c59aab012a570d8b20f60efcafb272be

          SHA1

          709df64d9a23340c6bc42f2bf8dfdca512bff2e0

          SHA256

          8a349242c7461f8fccc029421cd051ef8f140a8e3738d348a2354a3d5b9de220

          SHA512

          8c3f67dc02beaca59f0deaa4d8e33bc385b19df02d2a8b905b47148e21919f7d059f3883f02dad25a0d11dc807343390114753a7918171720d8cd72e84239e17

          Download Submit

        • memory/3156-25-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-31-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-35-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-18-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-1225-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-12-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-4791-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3156-5230-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3400-0-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/3400-8-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download