Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5e5cb06254...68.exe

windows7-x64

7

5e5cb06254...68.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368.exe

  • Size

    2.8MB

  • MD5

    3e9df46a946ccb96b868bcb0cee78ec9

  • SHA1

    80f2d00e4d3227ef14efd8a859a7224a87dc7464

  • SHA256

    5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368

  • SHA512

    44ea38fcfd4869d35fd9f3bbadb400339754236f991baf035fd9a02d557fda91758e7a63156a96aeab63cc6dfb98398be1fee531ba2224b94c8e0c84811b30dc

  • SSDEEP

    49152:y6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:Xd1XdhBiiMa7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444
      • C:\Users\Admin\AppData\Local\Temp\5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368.exe
        "C:\Users\Admin\AppData\Local\Temp\5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4984
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a376B.bat
          3⤵
            PID:1192
            • C:\Users\Admin\AppData\Local\Temp\5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368.exe
              "C:\Users\Admin\AppData\Local\Temp\5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368.exe"
              4⤵
              • Executes dropped EXE
              PID:5060
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4136
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:3436
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:2484

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
          Filesize

          247KB

          MD5

          f86648e03701a8b65d7165e2e2d567e7

          SHA1

          94791d7281091e715cc420107e9191c0f9466101

          SHA256

          46b7f868a3d79c17a05c0086020b76a4e1c8311647fa1dc2f072d7ae3440ca96

          SHA512

          8145606d8d14b5c88cce3a793241f91683c7fece68a1b1c40e18df5d00430e714a1eef71620511971c6ce611029ed44017c4347dd39b7f98a1546e2609be1dbb

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          573KB

          MD5

          d22decb8bcbec49f0cbbaa7d5f8190dd

          SHA1

          368593f07caaebbeeb7f143bd7c86bbb5eacbbdd

          SHA256

          96e4cde308b85037817e33abbddd0b016d469fcf772bcc5ab5b88bbb14272701

          SHA512

          6184ee3047fc0e302f05193ef323c6628f7ec69634ec41a75fcde35302ebc387a2e659038e2a6504965dd0fcbc8c7449a11395890a72b3a68c50afecf3048f7e

          Download Submit

        • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
          Filesize

          639KB

          MD5

          acf9cc366e23c74d2bc0f0aa48d990a8

          SHA1

          26e4d23f43b488f29c5543e6fe350e875876a931

          SHA256

          331431928db8b6accd5aaf5aa3c4b053dd3dc93cf09da63d90c4cb36c34de525

          SHA512

          40351b432445b6e92c5bf20597b54880a9c15207e840fc04f238d72a18728ca93d345438d167c7c281ac159e302f2e518a5a500223d7a7d56bca62adbc718c88

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a376B.bat
          Filesize

          722B

          MD5

          ea80b1a901bbe7c37d9fb978c13e45c7

          SHA1

          15d07bc757c2a09d54f3685ae6039a16a4ae9ace

          SHA256

          7caa11be0c58892ed1c187255b43c8ffdfd143555baf11b696df8814e5a92f13

          SHA512

          34cdc3ea54fbad06ac0911ae206ba68fd70db347ea4e30f461c673b563c94b43b93fcd93128ede98faad1001c9337221976de61c66a3ac731465d48f0f09e054

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\5e5cb0625435890f97c29b0043d1313b69bfd71a26d0ebe6b9ad52d1bfc5b368.exe.exe
          Filesize

          2.8MB

          MD5

          095092f4e746810c5829038d48afd55a

          SHA1

          246eb3d41194dddc826049bbafeb6fc522ec044a

          SHA256

          2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

          SHA512

          7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          29KB

          MD5

          21c07957c0adc8fbf331aaa427c0163e

          SHA1

          b837d3f09f6db0a7ec9c45e49a632c8812a37e4c

          SHA256

          f7bbf8b8c0af73001d32b5e3f714a65577537a34a6a9670e9980317f2b18caf2

          SHA512

          d0b1fce96e704d11776be16b1ddbf90e32874474491346ab20ba7445b6df62486d73dd60edada9ac2eec818b0018866f67d8837a24efc89ea9cc6025f18e4b27

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-2860750803-256193626-1801997576-1000\_desktop.ini
          Filesize

          9B

          MD5

          7d02194d5f21d1288ee3e3f595122aba

          SHA1

          68e51fcc75148bf51da5ad67c7137b85946fc393

          SHA256

          a4da2cd5e1bd5b7cc915b0572d2805cb074c16122fa7e5a41fbc1203aafc3416

          SHA512

          b5aba933dbbe76d9c49da7e4bd9aa8449f164d1a6563feb65e795fd497f42a5c8cc317186adf817990a180e46499987a7403b68b0b089a38ccda0fc9f2dd6c1c

          Download Submit

        • memory/4136-34-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-27-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-29-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-37-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-78-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-1238-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-11-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-4801-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-20-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4136-5264-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4984-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4984-8-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download