Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

575e12db9e...dc.exe

windows7-x64

7

575e12db9e...dc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc.exe

  • Size

    1.9MB

  • MD5

    f35a9284fa9d4f9c17b2f07f084d12e1

  • SHA1

    4575a15e2ac462188fd0363d497e9b1490b43695

  • SHA256

    575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc

  • SHA512

    93a8971f2fc2213f88e694fb8c52b192c3a3ffe4c47915bfbc7c664b98048f401f47095c0d9196b6944426789c6d772ec93d89ed903d07df2cf7070ff896f063

  • SSDEEP

    49152:S7S40cscbgsmEHafDgPvII13CMPzsP2q7F5kS:aPzsP2DS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3416
      • C:\Users\Admin\AppData\Local\Temp\575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc.exe
        "C:\Users\Admin\AppData\Local\Temp\575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4392
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3808.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4440
          • C:\Users\Admin\AppData\Local\Temp\575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc.exe
            "C:\Users\Admin\AppData\Local\Temp\575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc.exe"
            4⤵
            • Executes dropped EXE
            PID:4896
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3692
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4776
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1548

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        852a651212d58cc0aa27058c7afe3c26

        SHA1

        f3e130f40acd8458cb659b376d3b3475eb9030be

        SHA256

        ca70c2e7758798b9b29b93488c35e461a863ad1bb7b0e09fa115935c3338dc15

        SHA512

        01c0252a9f3e0b06cf6a4132e623aeed69adc9b661fca7911a613ed52f6e944753124030423d79ebb7b310a010983ff3e875dd0f989058e6c619f73691b7f60c

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        3e588e1201474a5927159e525f7f5ef6

        SHA1

        89a8236abad02d19dddcba890e42482e994476a1

        SHA256

        f6a7066b3b6333de177be684fedb5d280ae1d62d0cf644a14b0b3ff1c42ae4cf

        SHA512

        c5813f8d7fb52fdad6df3a1de67b9ef6e1a84eda36ed2a9fd64e27fa2404dc09aefabda397a84ffc608ecb545b54e96f45a17937689f34ff20217a841d3032e9

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a3808.bat
        Filesize

        722B

        MD5

        3ebff8e5b1e20770152c4f7e4567abf2

        SHA1

        fd5abd3d199013f63b68021699079773816178b6

        SHA256

        d11aa68cd63983543859b12a32edde288bce8044d9f2e27b19cf97b3c8a5bcc5

        SHA512

        107e455bb95c365c11ed0edd58b332c3c4e1a93ff7770b6a80fa7936d7e95542d68ba4d4081a344de786bbdc0f045388c3fc4b24f05c9842d0a06e99ab866e6b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\575e12db9e94adcc737d89e8f76c625d8aa7fbf236f850bbc45847588086a9dc.exe.exe
        Filesize

        1.9MB

        MD5

        52176ef102c39d6912a5256535cf629b

        SHA1

        2cf33b2512df78ac047f0d117c6952478c4b057c

        SHA256

        4750d81cae87f8e9a6e4daa76bfef5772d8c8b99de45396491ebafada78e5a34

        SHA512

        76a268a5a8ae0170bb0c655d31872cf7e9f67395da37b691732d1e6a8db1c96c18c5a3019ee7decea8848a818642afee81ba0d7ec5a7cb1305454f13953d7347

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        073d37b425ac83ddebb5816919f7d353

        SHA1

        f154a0f9e3c30903aca7056ebd6d837f3989db6d

        SHA256

        e16c12380ba4ff0a472b08df28efdba5fd3de72a2c04dc141ad9792e3d7b902d

        SHA512

        f57fe35ec2a67a68cb6601488def77b510f8a44cbadc42d6517bd7da4049aa0b7becb8c546953783a499fb91d3572a1fe28dca01e48184ffcd43206fc638bd47

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-17203666-93769886-2545153620-1000\_desktop.ini
        Filesize

        9B

        MD5

        7d02194d5f21d1288ee3e3f595122aba

        SHA1

        68e51fcc75148bf51da5ad67c7137b85946fc393

        SHA256

        a4da2cd5e1bd5b7cc915b0572d2805cb074c16122fa7e5a41fbc1203aafc3416

        SHA512

        b5aba933dbbe76d9c49da7e4bd9aa8449f164d1a6563feb65e795fd497f42a5c8cc317186adf817990a180e46499987a7403b68b0b089a38ccda0fc9f2dd6c1c

        Download Submit

      • memory/3692-34-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-28-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-38-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-82-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-1239-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-4802-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3692-5265-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4392-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4392-10-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4896-19-0x00000000009E0000-0x00000000009E1000-memory.dmp

        Filesize

        4KB

        Download