Analysis
- max time kernel: 140s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 20/04/2024, 05:18
Static task: static1
Behavioral task: behavioral1
- Sample: 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe
- Resource: win10v2004-20240412-en
General
- Target: 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe
- Size: 70KB
- MD5: a22f9d5be4e32f732e992ca4203c0dbe
- SHA1: 571a03af89321b135f0c7e9b8fa0d607a4666db2
- SHA256: 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143
- SHA512: 44b08cc30be2ee1f69a3bd1e27dbc99a699401b145610171cabb61843e838306145e09f0ec645566d9dc02d79f435e00f3e4fb0323efdfd35663c1497bee68e2
- SSDEEP: 768:GgT2ljlL5b+nXLpXwnslmxtOsoI8A+D1dykKsWkgkLuFaxGnzuUjfwVi+3NdKAGG:Grj95b+nKbIs78JChsJg6PGKUzYQ5u
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2204, Process cmd.exe
- Executes dropped EXE (1 IoC)
  pid 2644, Process Logo1_.exe
- Enumerates connected drives (3 TTPs, 21 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Process Logo1_.exe, File opened (read-only): \??\H:, \??\Y:, \??\U:, \??\N:, \??\M:, \??\I:, \??\T:, \??\P:, \??\J:, \??\G:, \??\Q:, \??\K:, \??\Z:, \??\X:, \??\W:, \??\V:, \??\S:, \??\R:, \??\O:, \??\L:, \??\E:
- Drops file in Program Files directory (64 IoCs)
  Process for every entry: Logo1_.exe
  File created: C:\Program Files\Google\_desktop.ini
  File opened for modification: C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\include\win32\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_desktop.ini
  File created: C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini
  File created: C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini
  File created: C:\Program Files\Java\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\bin\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\_desktop.ini
  File opened for modification: C:\Program Files\Internet Explorer\images\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\_desktop.ini
  File created: C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini
  File created: C:\Program Files\DVD Maker\es-ES\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\fr-FR\_desktop.ini
  File created: C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini
  File opened for modification: C:\Program Files\Internet Explorer\SIGNUP\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\es-ES\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini
  File opened for modification: C:\Program Files\Internet Explorer\es-ES\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\_desktop.ini
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini
  File opened for modification: C:\Program Files\Internet Explorer\de-DE\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\_desktop.ini
  File opened for modification: C:\Program Files\Internet Explorer\en-US\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini
  File opened for modification: C:\Program Files\7-Zip\_desktop.ini
  File opened for modification: C:\Program Files\DVD Maker\de-DE\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini
  File created: C:\Program Files\DVD Maker\en-US\_desktop.ini
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\_desktop.ini
  File opened for modification: C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini
  File opened for modification: C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe
- Drops file in Windows directory (4 IoCs)
  File created: C:\Windows\rundl132.exe, Process 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe
  File created: C:\Windows\Logo1_.exe, Process 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe
  File opened for modification: C:\Windows\rundl132.exe, Process Logo1_.exe
  File created: C:\Windows\Dll.dll, Process Logo1_.exe
- Program crash (1 IoC)
  pid 2384, pid_target 2644, Process WerFault.exe, procid_target 29
- Runs net.exe
- Suspicious behavior: EnumeratesProcesses (31 IoCs)
  pid 2120, Process 6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe (9 entries)
  pid 2644, Process Logo1_.exe (22 entries)
- Suspicious use of WriteProcessMemory (22 IoCs)
  PID 2120 (6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe) wrote to memory of 2204, procid_target 28 (4 entries)
  PID 2120 (6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe) wrote to memory of 2644, procid_target 29 (4 entries)
  PID 2644 (Logo1_.exe) wrote to memory of 2676, procid_target 31 (4 entries)
  PID 2676 (net.exe) wrote to memory of 2564, procid_target 33 (4 entries)
  PID 2644 (Logo1_.exe) wrote to memory of 1204, procid_target 21 (2 entries)
  PID 2644 (Logo1_.exe) wrote to memory of 2384, procid_target 34 (4 entries)
Processes
- [1] C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1204
  - [2] C:\Users\Admin\AppData\Local\Temp\6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe"
    Signatures: Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
    PID: 2120
    - [3] C:\Windows\SysWOW64\cmd.exe
      Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\$$aF1E.bat
      Signatures: Deletes itself
      PID: 2204
    - [3] C:\Windows\Logo1_.exe
      Command line: C:\Windows\Logo1_.exe
      Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      PID: 2644
      - [4] C:\Windows\SysWOW64\net.exe
        Command line: net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        PID: 2676
        - [5] C:\Windows\SysWOW64\net1.exe
          Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          PID: 2564
      - [4] C:\Windows\SysWOW64\WerFault.exe
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 580
        Signatures: Program crash
        PID: 2384
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 721B
  MD5: 5aea7255f3f72e3e1c5df4b406a3216d
  SHA1: 0338f243c96b108f38e03777484e7aa0bc97b541
  SHA256: f40fed393986ed7b3458d2fa71b20ad8df0a56d4fa8200001ef0bdea30ab60e4
  SHA512: 2cba0eeb5c41ca4cdf335dd3fb73ccea8636f42e685f3383f937f651d52d8969c2ea51c2f16f5af5cccb3d1e2538e5d4ac70ec5accfc0930c5c514cdc87fa380
- C:\Users\Admin\AppData\Local\Temp\6ee1ea407cfbaf4c4dc8e3134d6358fc781b1058552b155da93324ab83a2a143.exe.exe
  Filesize: 26KB
  MD5: af10e9952143f273218967724d665e15
  SHA1: 281d6ede486e99e893057239a66e004d882280f9
  SHA256: 9dc677eca507d541abd4b78154bf672bfa6561a68eea7f569849860cc5ef2ab7
  SHA512: 53b07097d547f55e2d454324812601ce87d6400b3afe278ddd62c63e2ebe90c750785aa17e45b05f3e4a358c90ab64657fecdce667a4d2c1a07062861976581e
- Filesize: 44KB
  MD5: 9dc9ea2a5ed74b7cccf92b53dd855a28
  SHA1: 9d6026f42e278cc153851b5ec7c61629d8682f46
  SHA256: 69bdd3f404195624d37359b90c4cef8bab73a3e6f875a8d151342626c684db6b
  SHA512: 518f499675639c8767118ea062d8bfa330d42225764fd6cb7492fa9380405bea2dc9d777fdf9a0d2fa848e5eae7253ef8221f7e7b4d33898cd1e441003197a64
- Filesize: 9B
  MD5: 27729a3995958245e2d6799df42e26e7
  SHA1: dfe386f53277c8387b50122f3fda9bc2467815ba
  SHA256: 9313041e89d4585b2606afa4809b101e7e8a2c944d063a28c796b0c0f070b5f1
  SHA512: ba9157cea7ca5c01b52e2a4a758f4e12e018990e49f1ece5fa6d83423f37a0a4dd5246d9b01e5e212d5e8c36a66a8d0e2645bc73753671295965a855a5028ec6