Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bba51aa558...c8.exe

windows7-x64

7

bba51aa558...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8.exe

  • Size

    88KB

  • MD5

    0e18bab366112f1cc14f3bd0607ce80d

  • SHA1

    7ca6a3291287edee5f35e822a9a57ba381ecb801

  • SHA256

    bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8

  • SHA512

    948a48a7e5ff0d2d147c0e041b367f7abe739fb816f30063f024b67a3a0798e2b2ca72c3d139d2a548d6599e75c987688ea65daf5cd0e43b099c8a289ee2fe0e

  • SSDEEP

    1536:p6/3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:p6/kuJVL8LK4ddJMY86ipmns6S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3456
      • C:\Users\Admin\AppData\Local\Temp\bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8.exe
        "C:\Users\Admin\AppData\Local\Temp\bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:916
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4B70.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4580
          • C:\Users\Admin\AppData\Local\Temp\bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8.exe
            "C:\Users\Admin\AppData\Local\Temp\bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8.exe"
            4⤵
            • Executes dropped EXE
            PID:3000
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2460
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1396
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4676

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        18e65d907d829563c7ce11bb985b4e84

        SHA1

        a9c8843656dcc4627d61f5bdcc9dbc99e2bee722

        SHA256

        0aa7e3650145bb8761df0e61535e95ad77a3a1872ad2fd0d1c7b70749ffe60e9

        SHA512

        5450a6a00a9aed6f9686e73a35038606ac9b9f0a33db90dd0e5fa100a61c7efb35e05a13dc13f6ffe7070ba8e9bdfa04a1fbe6df6e060ee333548cc3c6798406

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        d7eb22e66dc3ddf67ad32804cbd96655

        SHA1

        63ccf930bd9baba68ff9727161f0470aa712f0c1

        SHA256

        d920f38d0f61038ba2481cebf90bdd88daad9f202357fe77753f55433ee18362

        SHA512

        56a10d020385c362a323c2302144b54a4db58e118229fdd542e1ab6e6b2836b186e4db61d460d3687da6219fe98642f0f80f74b92b9d5081195e295e7faaa9d5

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        73b84e696764a6109051d306b9e13984

        SHA1

        4649e99be02adfdd0d844013b3bc61be85ae28bf

        SHA256

        ab5e87fc7a7d616a677f0a69f1eb858322f1c14defa4ea04b9fd05f0c7e166de

        SHA512

        1692b47b0f9743a6160134849323e518f5f7689edf8b8bae17385354d034b307c29a0793652ed89c7a6df6e8fd21d59525620ed6176542bd8607e9938788b680

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a4B70.bat
        Filesize

        722B

        MD5

        b88eb8a7d573d3164a054a1280f82b01

        SHA1

        6499441e00760c0b5ccc141f166d1f5171a5276a

        SHA256

        e350f5111352a824f8cf3b04aa5b275d82fb1174c0064805ccb6b3309f3c1a20

        SHA512

        5b6e3a3c8657e5da79abdb1457691805b3b42205ca3778446101ff82d14b07358f7384c970f90924789f2b4749a5f5862e3b8da3f50846cab1a52cafe345a997

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\bba51aa558cb580d6e7c475b34dea201d622e021b35da45a1163aa6fcc580bc8.exe.exe
        Filesize

        59KB

        MD5

        dfc18f7068913dde25742b856788d7ca

        SHA1

        cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

        SHA256

        ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

        SHA512

        d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        29KB

        MD5

        59a3b94b96eabb2e6f66bb392487225e

        SHA1

        32a84af834c0522cafb7d65911978a7da266ef50

        SHA256

        58c5cd7b74f349cc46e27f7db6fd3a1f6016d7d755f39ecba3afdefb2b9e81f2

        SHA512

        623d9390f1d0b0987eb611d334b61a306bc9ee0bae8536e76578d90448d85a731aadebf8f0792da54bb485819ec31b236baa5611aece214e11830e74c2545048

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini
        Filesize

        9B

        MD5

        27729a3995958245e2d6799df42e26e7

        SHA1

        dfe386f53277c8387b50122f3fda9bc2467815ba

        SHA256

        9313041e89d4585b2606afa4809b101e7e8a2c944d063a28c796b0c0f070b5f1

        SHA512

        ba9157cea7ca5c01b52e2a4a758f4e12e018990e49f1ece5fa6d83423f37a0a4dd5246d9b01e5e212d5e8c36a66a8d0e2645bc73753671295965a855a5028ec6

        Download Submit

      • memory/916-8-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/916-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-28-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-1227-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-4792-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-10-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2460-5231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download