Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2339ae1c97...82.exe

windows7-x64

7

2339ae1c97...82.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2024, 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2339ae1c976feb510370e75fd39c580c375774ed35fdf07d88efedc29081e482.exe

  • Size

    7.3MB

  • MD5

    f8ab859bdc0b2f95aed1b44c27205eee

  • SHA1

    362254c913b8f9ed506cc9135dfdd54b3858cb47

  • SHA256

    2339ae1c976feb510370e75fd39c580c375774ed35fdf07d88efedc29081e482

  • SHA512

    b2df37937a5b981c819587aa582e0bf2e585f424d4be40ee6321d5b12687705acbcb335516c5352b9a443f5773b4a5ffc409d771a1e7333be4f6d7c528284c2b

  • SSDEEP

    98304:SmB9OWBVClfcaA1oZeSajfztbVCGQX4bME4bP8nQgMVQNKe5AJbI8D:Sg9OHi1oZepfxUGGNQNKe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Users\Admin\AppData\Local\Temp\2339ae1c976feb510370e75fd39c580c375774ed35fdf07d88efedc29081e482.exe
        "C:\Users\Admin\AppData\Local\Temp\2339ae1c976feb510370e75fd39c580c375774ed35fdf07d88efedc29081e482.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3076
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2E63.bat
          3⤵
            PID:2612
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2368
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:4696
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:1488

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          254KB

          MD5

          b3166b305391ff0707753b23e6ea4225

          SHA1

          90f45b353714c2fa75bf6fc7d34c7b760a12fe0f

          SHA256

          528b16af9e651ffcc368ff7d0787d4096c8aaf60bef6cb8e9e921028aefea686

          SHA512

          51d20e8b39c654f0a16b5d3c7aed498c3faced12f2908e884febb6f780ffde5b4b5c9cb164019de87111c01c51839ac2d87605c4b35b887de90961b398a2173c

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          573KB

          MD5

          47fd19a57b03128c736fc2ff6d20ff63

          SHA1

          71223ce5c72427e4b81f6fc443a0d6c0f8c76ae5

          SHA256

          ce2835620f122f183d9138679b8bb14d73174fb07ba3762be7ee34c04d27b81e

          SHA512

          d9807b74448b4d0491c9b8a838f610bc39812affa1884d5eac3eb7503a45c2a76a13e2ae942b532e784cedf8c45d22f17f4aa004b65c10f9e83e04687dd82ee6

          Download Submit

        • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
          Filesize

          639KB

          MD5

          c8d281da4c32df16eef470c27c8cb459

          SHA1

          00efc9f6844bfaa37c264b6452c6a7356638ab10

          SHA256

          058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

          SHA512

          e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a2E63.bat
          Filesize

          722B

          MD5

          c327a5fb5bf243ded4204cad9a6cc552

          SHA1

          ed307536bcba06958ef4a64eea78cc5bdd6ab641

          SHA256

          77ee79beb45fd31626525697ab8ff444e63d8bf5761e967f81b02927e1e90eca

          SHA512

          c174afb047c6736a7208e26d75389aab9e2fddd833e474f0f2b9e001d95a0f4868de3749151b0eb02220b2a5d7ce0ae2a3bc0ac0d3f6c2bcf5362bb6d3abb398

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\2339ae1c976feb510370e75fd39c580c375774ed35fdf07d88efedc29081e482.exe.exe
          Filesize

          7.3MB

          MD5

          172b6d29b3cdcdf2b0b14332eb216161

          SHA1

          7534c39aecd8a968c8cdf34db4cb388d999a3065

          SHA256

          3bb1c042bf917e6577be28edce3243628e9ce4245e9abbc2cc0196ccca26630c

          SHA512

          71e4e14c689974821c0bb80637a53cd5234df0111b809612ac810846fe2ba9d288da20141455b984dd842c8343166f807f8da51e74b66fbe3aec181db72806ce

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          29KB

          MD5

          c1154eebf193b34d928ac7a0d4d1425b

          SHA1

          e412ae088af8d3d6e268ae517e62dc7a7150bf2f

          SHA256

          fd38739477bdd63484e50d2b995923ab7da929db7fa69532e3293d8406f64b54

          SHA512

          017537aa4204c2c327024b4dc9bfa61a36a3f2b64a8898e890e83a33a83e237d2b9749e86b7517da5b265c331171e4054ea6d7cb594743b457821fac3d4f50ac

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-1162180587-977231257-2194346871-1000\_desktop.ini
          Filesize

          8B

          MD5

          4192191c0ab0c3b88220ba22a15110f6

          SHA1

          9c0fb16b7f5184b30d6fbc59562c618dcc4bdbd2

          SHA256

          2230f7e62213f6b9a4fd3f6b5dc957077d8fb4a16e56150c6323264457a057bf

          SHA512

          fd583ce439c1e8c5401e67dee407c0b7d566a5339bf779a2b4d6ce81f433c93c977c3a78345f3f750c42d8abd2aeed4a3edba183115b3fade994daa273206bfd

          Download Submit

        • memory/2368-26-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-32-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-36-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-19-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-1231-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-11-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-4796-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2368-5235-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3076-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3076-9-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download