
Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/04/2024, 12:14

General

  • Target
    7db6e7b89825e97a70ffddd87caf6a9b6296134a89388986ea4867359903f260.exe
  • Size
    39KB
  • MD5
    0c66c78eb026971356126503c6366615
  • SHA1
    0a6ff1ba641cbda042328329393fff95e356f94b
  • SHA256
    7db6e7b89825e97a70ffddd87caf6a9b6296134a89388986ea4867359903f260
  • SHA512
    b5a781cf4eda3414c0c0ba6f1db084f5d19d7df625c587bef83867d1f6bec8a0e96789015acb15adc5b7572fcd203458a26d5a1a00aa6702fc77eb3b08f20495
  • SSDEEP
    768:8bjeUHoO5RroZJ76739/dZVdfpULiAYXjPrN+8WEjrZMYjV8mp8w:8mFe+Zk7VJbwlYXjPrsqrZMYR5p8w

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.
  • Enumerates connected drives (3 TTPs, 21 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses (30 IoCs)
  • Suspicious use of WriteProcessMemory (18 IoCs)

Processes

  • C:\Windows\Explorer.EXE (PID 1212)
    C:\Windows\Explorer.EXE
    • C:\Users\Admin\AppData\Local\Temp\7db6e7b89825e97a70ffddd87caf6a9b6296134a89388986ea4867359903f260.exe (PID 2172)
      "C:\Users\Admin\AppData\Local\Temp\7db6e7b89825e97a70ffddd87caf6a9b6296134a89388986ea4867359903f260.exe"
        Enumerates connected drives
        Drops file in Program Files directory
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\net.exe (PID 2584)
        net stop "Kingsoft AntiVirus Service"
          Suspicious use of WriteProcessMemory
        • C:\Windows\SysWOW64\net1.exe (PID 3036)
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      • C:\Windows\SysWOW64\net.exe (PID 2236)
        net stop "Kingsoft AntiVirus Service"
          Suspicious use of WriteProcessMemory
        • C:\Windows\SysWOW64\net1.exe (PID 2600)
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
    Filesize: 264KB
    MD5: 82aff40c160a0a881bf7a0fa4b647957
    SHA1: dee101a59ad91bf0065dafb0fd680c339c110c17
    SHA256: c0025a5dc9fd03e01f08941e4163078e5ce9adc3401c1e1da6441c27cdf0d0a3
    SHA512: de32bf34a53fa0c80ba3b1277ff42f708fba5414f6d281baada7bf1268d4cebf09c3fca613b73962ba112c22ba6690689a0c2727d63e2a8adbe0868ba2ec6ce5
  • C:\Program Files\7-Zip\7zG.exe
    Filesize: 723KB
    MD5: 7412939606c2600b453e3ee20939eb58
    SHA1: d13ca991ae214751172d07b5ac59cfe061b40278
    SHA256: 7c94b31a8e366d90ab012e787001fd869606cc1901e5e7140f37529f18c6b53f
    SHA512: 8609618171d1df15fa14edcebdca15f883feb0b9f1fa9e9b592df71672c101a2094cb506bd478cd63a376acb427fe041a6648f023a5fc20fecbc2c4666cb24ca
  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
    Filesize: 484KB
    MD5: 79d4fd1cb70f3844796aa1ea18a238e2
    SHA1: 78d207a7de2aeb85eefc185d894b0b7626e1e1f3
    SHA256: ccaacc3965c1bdfce8cd1e934895a4563dddf082016e56846966c250bed87d5b
    SHA512: 7a0167cbce49f09ea39e490862b8c371eacf8ce3d74d6a6054e7f0e1df4b307019f5adee03603fcb9d4db2b17841cbc9cf129e9480d70b20c266fe82b3979b33
  • F:\$RECYCLE.BIN\S-1-5-21-1298544033-3225604241-2703760938-1000\_desktop.ini
    Filesize: 9B
    MD5: c59aab012a570d8b20f60efcafb272be
    SHA1: 709df64d9a23340c6bc42f2bf8dfdca512bff2e0
    SHA256: 8a349242c7461f8fccc029421cd051ef8f140a8e3738d348a2354a3d5b9de220
    SHA512: 8c3f67dc02beaca59f0deaa4d8e33bc385b19df02d2a8b905b47148e21919f7d059f3883f02dad25a0d11dc807343390114753a7918171720d8cd72e84239e17
  • memory/1212-3-0x0000000002DE0000-0x0000000002DE1000-memory.dmp
    Filesize: 4KB
  • memory/2172-0-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB
  • memory/2172-7-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB
  • memory/2172-3294-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB
  • memory/2172-4116-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB