Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e08c728d74...b1.exe

windows7-x64

7

e08c728d74...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe

  • Size

    43KB

  • MD5

    3928b5cd9fabb90328be435d865ffc49

  • SHA1

    6d140b7a37b896e74790ba0035cf7d6a246ea630

  • SHA256

    e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1

  • SHA512

    7439aa9ffa8da6c5ea088852c76f692843e51cc38de734405ad333d0a7d4d20e81f91dd5a6ee02e770ef34a3c850a9cffe90da35c908e9c970a5cbd67e0021af

  • SSDEEP

    768:/bWi616GVRu1yK9fMnJG2V9dDClcxmWQ3655Kv1X/qY1MSd:TWi83SHuJV9QaxmHqaNrFd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3268
      • C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe
        "C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4416
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF03C.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3600
          • C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe
            "C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe"
            4⤵
            • Executes dropped EXE
            PID:1692
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4752
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2180
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3280
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:3092

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          573KB

          MD5

          4869e2f1d665e36578cd5661a3f883b3

          SHA1

          fb5e55f98bba668e32033821d9bc13d031673d9b

          SHA256

          0f46994405650e9302d2369a29f8a9f6e9f4b19693553a573a05d18e90afc9cb

          SHA512

          18e3d3276287ab90455eff2c0c0371495f60a06e8199e222acc3af0921fb939cce65eb7b480132d272fd67a7c4646baa521951b78eb2635b5b097ac42378d789

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$aF03C.bat
          Filesize

          722B

          MD5

          13cd48df30c63e38b609efc102a5fe02

          SHA1

          852576de953f53be7999893ae0ad527ab21dbabf

          SHA256

          a190be6b586f4837707ab92f7c307154c0b8c85ce446dd742da3fdfb9248f786

          SHA512

          3ebd1e466cb685667ee327ad9a2132b6b10d5dce08bc0302d181b040a09ca164477fcf6f249e7d28adfe623cd4e09d3467ba0fb6b1c7f982c51627c08651bec0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\e08c728d744364dfef0025e851b50a350b5b017099f530ea1313b078c29de6b1.exe.exe
          Filesize

          14KB

          MD5

          ad782ffac62e14e2269bf1379bccbaae

          SHA1

          9539773b550e902a35764574a2be2d05bc0d8afc

          SHA256

          1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

          SHA512

          a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          29KB

          MD5

          bb6daaa7dbb0b3edea119115e087eb04

          SHA1

          b6f0fcb36a4434d81d54f38b4d259108cd1f2b11

          SHA256

          843bc830bb9a888ce515139022452d4089fadc6f767bd010b23ac77ae044d941

          SHA512

          720e15b8406c420e53f683f794072a7ebe0e644960ce8095ddfd77c833f14e4429ef18a19f4fc09bb91c712a9a332179f955faddb9229c65e4cc31ec64978248

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
          Filesize

          8B

          MD5

          1b16d2dbd4281ce4e4e5729c608dcb0b

          SHA1

          851e624080ba5598edb808d4b30fe2d74999ce18

          SHA256

          c9e46fb51d0588ca1e48ca66731e11992770b9b74a982f9bdbb6ce5b5b75d549

          SHA512

          cd1c4cf7c7871cb48ce735226b25f689b340037e6c992441e566161de7fca7410762d1a0c2670ee4b6546f7ee854d3219e0e2315c3e0387d9bbe3f08076b5a59

          Download Submit

        • memory/4416-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4416-10-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-38-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-27-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-20-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-43-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-34-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-11-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-72-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-1016-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-1183-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-1195-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4752-2138-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download