Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b8bc76e3ec...0f.exe

windows7-x64

7

b8bc76e3ec...0f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/04/2024, 02:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8bc76e3ece3eff2230853d85e89026d4b3bd35a3c90ca68aed08c7a2b8e060f.exe

  • Size

    474KB

  • MD5

    38d935266944c5f49d35c42ce150086a

  • SHA1

    7bfad76c6b3844f2cea23ffc7bd4702fe737fe73

  • SHA256

    b8bc76e3ece3eff2230853d85e89026d4b3bd35a3c90ca68aed08c7a2b8e060f

  • SHA512

    398927af28bcd3ad101481dd72c40aad7707b6963990e75e11d9c2ac8c57c71770e5a97aee4d0c2bcc6d7df6f12822a81746925e6fd1f561fe4581a52ec0f8c8

  • SSDEEP

    6144:vdspDeDrxkg/vrMuJIgwhEFHyOrJcX/Pgqwzm5IzkWjS4e4azExBKO1t4Kb70Nqq:l8kxNhOZElO5kkWjhD4A

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 34 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies registry class 32 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8bc76e3ece3eff2230853d85e89026d4b3bd35a3c90ca68aed08c7a2b8e060f.exe
    "C:\Users\Admin\AppData\Local\Temp\b8bc76e3ece3eff2230853d85e89026d4b3bd35a3c90ca68aed08c7a2b8e060f.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\$Recycle.Bin\RQY.EXE
      C:\$Recycle.Bin\RQY.EXE
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Modifies registry class
      PID:4700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\KFC.EXE
    Filesize

    474KB

    MD5

    83525c14e93de359df52ae987db08978

    SHA1

    02017f66ea30f648242998e853e979e934823236

    SHA256

    91c25b9d00c15e607d3c4738b6b2b1768d6558cb5acd87d369ddb9f2ca955773

    SHA512

    0bceb3dbbe22836dd922b422853c76d24d1ac912c9b386aadc373bd73ce0202a03c8fef12aa221aa62ea6f2c969a8b94cd1fb22e20042448b05cbf90f96fb102

    Download Submit

  • C:\$Recycle.Bin\RQY.EXE
    Filesize

    474KB

    MD5

    2ad6bbace7b45664879bf3bdcc050dd1

    SHA1

    e2b023c15907e85bd1cc511b227aad635b7b51a7

    SHA256

    eec3445faab46d4b1d741089e2f0c6543d52bcf2a51d88488b7888bb0d7437a0

    SHA512

    27cd13bdefd395cd93a76c9392879487029f18359e8affa3514a69cd9ded89776e46afea134a720c18bc36d95e1f2db0ce4fa93685c231ae84cc9e8754ffc226

    Download Submit

  • memory/4700-19-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-20-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/5024-4-0x0000000000A50000-0x0000000000A51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5024-21-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download