Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cdf7c214e4...88.exe

windows7-x64

7

cdf7c214e4...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2024, 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488.exe

  • Size

    1.2MB

  • MD5

    c3e574773d5ebbbdb8f4fd661384e435

  • SHA1

    ebf4ca50f1f852079d717db33713042744b8fe76

  • SHA256

    cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488

  • SHA512

    7fae8f480adb0feb6e2c31475e047953cfb8e134649773ff9d25998cbf2a413a5f11b4c8e008cdf2b728c470646395e26b1a81b32a1ae2a9015d9ce728b8d4ac

  • SSDEEP

    24576:U71sQYmz7Gn/jWoHuUDCbmMqWfGL7SiwpCHr0H:U7Lzq/jWoOCUmMqWBvAq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3164
      • C:\Users\Admin\AppData\Local\Temp\cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488.exe
        "C:\Users\Admin\AppData\Local\Temp\cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1596
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD2.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4984
          • C:\Users\Admin\AppData\Local\Temp\cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488.exe
            "C:\Users\Admin\AppData\Local\Temp\cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488.exe"
            4⤵
            • Executes dropped EXE
            PID:4124
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4708
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3556
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1140
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4032

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          251KB

          MD5

          69e0ff51b5c71d80e8789788f4c0def5

          SHA1

          6a167207c2bcfc3af9a3db078cab336c23bff679

          SHA256

          0c795a07deb16a871947caa3fee6505f7645fb2df3b3f33b532b4dc9d4cbe077

          SHA512

          0c9ae6ef006ce63ab0d3d853ffbb8e5bb33bad1367863e07a0a92750d2282dda5f80590883964751260e727bc94f56198e0a24ceb81e689307dda15741d334fa

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          570KB

          MD5

          cdf329dfb35eba6f9f8334708e4862a5

          SHA1

          b737a5ac4e62da9174760c8b8adf782dab5f9cdd

          SHA256

          e5fd326ef628b19f87a5bf51f8bd04aa3583167e022b99e781b07d498077bc1f

          SHA512

          083b3846dfb03bd6a8623c1f5001a184f4987fb66ac2b94bbc51b78f0ceb08146deb1abaabac6f852a92e5f1698f7cb526f5f74b1435fa8e2b90a0a4964d54f4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$aBD2.bat
          Filesize

          721B

          MD5

          49f2cd8bc794ac03432a2426a4609b75

          SHA1

          757e2197d8a27cbd4fba305ba5a19860eb34b501

          SHA256

          021e0ce8fbf255cce275c015cccb81a3a20617d1f7adf9663ed0a14fa2335e30

          SHA512

          859baf69e8f924a833fd6aced9be1a2f3507e1cc860d8bc64350788f0edd9b1f3c917934b56083ff4d8b338dce39721e120aa168b0d8c2597780f23431047dab

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\cdf7c214e46de8b6259cb6a91957f8caaacdff0613aa30f8b8d14012693b4488.exe.exe
          Filesize

          1.2MB

          MD5

          4d0756eb75a5ea3416008e02ba104333

          SHA1

          45219ad56e5361a05fa73d29b75c668a3f00267b

          SHA256

          7cbffb7789087cfcd8dfc2c600cd10e758d5dd3b66e5f38b01f422a358c2a97c

          SHA512

          ac913eceb6e6f66d3827309ce89874365cf98e01f4bb56a83145c16867c388a8a9462bfd972302ee55af446fdb67955a5dba2bfbee1785f15cf2d5f3c6a7c56f

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          26KB

          MD5

          eae720ddb96259ba9cc84160c4e6db6b

          SHA1

          6e6aa6b84edda1752d2720be3269e5df9a7dbc91

          SHA256

          1e3b3150146e34c2742aa0816cab9a3720ecb9f8e6ad85db6db8624ca6a57760

          SHA512

          a386e5ebbe057131bfcbafcd14f2efe8cb486238394819e681feb1dc7fb5695df660cb2e6dc1ce3a944b1eabc365d91994ed1f137bde0a41d8a4c882428e7610

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
          Filesize

          8B

          MD5

          4b4dbd7e2fe4189c8136069a10e1698a

          SHA1

          e4e6e1e80d1fe41d20456173c522d8e7affc4579

          SHA256

          f00f66ba8f3341c7ae8e3c7741a1ff31e522c75580afa9793dcaee17488ccf5b

          SHA512

          2be5b324ef5d951c5e66d692c26f813e0fdd76cb4ef01a9abf38e5f7837f649e0194f7f5c55b1cfd79a9d253031ace5b270fc50f6c11f1885e85f9a874380d8c

          Download Submit

        • memory/1596-12-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1596-0-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-32-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-26-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-37-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-41-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-8-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-53-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-1181-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-1252-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-3755-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4708-19-0x0000000000400000-0x0000000000434000-memory.dmp

          Filesize

          208KB

          Download