Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e08c728d74...b1.exe

windows7-x64

7

e08c728d74...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe

  • Size

    43KB

  • MD5

    3928b5cd9fabb90328be435d865ffc49

  • SHA1

    6d140b7a37b896e74790ba0035cf7d6a246ea630

  • SHA256

    e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1

  • SHA512

    7439aa9ffa8da6c5ea088852c76f692843e51cc38de734405ad333d0a7d4d20e81f91dd5a6ee02e770ef34a3c850a9cffe90da35c908e9c970a5cbd67e0021af

  • SSDEEP

    768:/bWi616GVRu1yK9fMnJG2V9dDClcxmWQ3655Kv1X/qY1MSd:TWi83SHuJV9QaxmHqaNrFd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe
        "C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aF7B.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2340
          • C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe
            "C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: GetForegroundWindowSpam
            PID:2788
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2776
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2568
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2544

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        12acb7ffeea0a49d4368c3e4cc20c558

        SHA1

        00dcb6b97b209f8a4212cf5a3fbefaa75c945b0d

        SHA256

        8a42f3f4e6fc6e661cc0d832172ce6903d9d04662436e0efa319bb4890d6372c

        SHA512

        0ac22cc144c1faa005180f997e837f622fed4eef0dd40ddb602a4f0dab6286cee41298c5bfdc094b9befc04c834c316ed77bc9538d59c2c8cf255450cfc8f414

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        474KB

        MD5

        1a4b58982f0e7b7a7bfbc0bf7d5ff7f8

        SHA1

        e6dc51380258221bf81f79fae15a81a26cf8a0a5

        SHA256

        cae20f4b706ca22cfdc9d950594da390660a1f560beddafb8cae874658f2dfa8

        SHA512

        55b710fc1a36fc78b6bc896e1a66928ed7a3e761f258d8fb61a54b5f6fb9a3adabfdb69e24cedcd97f0f2dd74f84f622487a766e078d99fcf5fd72516da37ee5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aF7B.bat
        Filesize

        721B

        MD5

        a3ce75fe0cf79a246d8643daaff686a3

        SHA1

        1726bbb1e2b52a11fa8dbb9a2b25693a001d52c5

        SHA256

        62fbc8d2825191b01045a6efbb3c67b0fdc2d82b6cd10d1ca534266a40f4c242

        SHA512

        134a1803a2b6198e17dc7744d9db63e7988fde2bd34f6221c56b5b894042eba9a00346a97e6ade6404b478b7d274ba2127b7cab2088d87dbe0df5f13bf774274

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe.exe
        Filesize

        14KB

        MD5

        ad782ffac62e14e2269bf1379bccbaae

        SHA1

        9539773b550e902a35764574a2be2d05bc0d8afc

        SHA256

        1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

        SHA512

        a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        bb6daaa7dbb0b3edea119115e087eb04

        SHA1

        b6f0fcb36a4434d81d54f38b4d259108cd1f2b11

        SHA256

        843bc830bb9a888ce515139022452d4089fadc6f767bd010b23ac77ae044d941

        SHA512

        720e15b8406c420e53f683f794072a7ebe0e644960ce8095ddfd77c833f14e4429ef18a19f4fc09bb91c712a9a332179f955faddb9229c65e4cc31ec64978248

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\_desktop.ini
        Filesize

        8B

        MD5

        1b16d2dbd4281ce4e4e5729c608dcb0b

        SHA1

        851e624080ba5598edb808d4b30fe2d74999ce18

        SHA256

        c9e46fb51d0588ca1e48ca66731e11992770b9b74a982f9bdbb6ce5b5b75d549

        SHA512

        cd1c4cf7c7871cb48ce735226b25f689b340037e6c992441e566161de7fca7410762d1a0c2670ee4b6546f7ee854d3219e0e2315c3e0387d9bbe3f08076b5a59

        Download Submit

      • memory/1212-29-0x0000000002570000-0x0000000002571000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2732-16-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2732-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-31-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-38-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-44-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-90-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-96-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-687-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-1849-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-2419-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-3309-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2776-18-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download