Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bb7dd31ab1...a2.exe

windows7-x64

7

bb7dd31ab1...a2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe

  • Size

    88KB

  • MD5

    ab054d5ffb9c058402e9375e28840f22

  • SHA1

    88f5df08335ddaffdbab6aca65cda6b51d85643b

  • SHA256

    bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2

  • SHA512

    5cf3ed305e4398c98698c8032d7986040f95b816181eed0f07a6be4ff7503a6eecf75df28cbdee3547378d6c89d782c432afd73a505e468fbe4b8777ce872c3a

  • SSDEEP

    1536:ppF3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:ppFkuJVL8LK4ddJMY86ipmns6S

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe
        "C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2904
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2D86.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2648
          • C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe
            "C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe"
            4⤵
            • Executes dropped EXE
            PID:2240
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2716
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2688
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2612

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        59b7aae3cb37d1edacd55159253dd510

        SHA1

        ceabb6ffbb679732784c01f9d3631898546043a6

        SHA256

        44ead1f1ed8b1136baf384c692ebd3547d6d7a9a2398dc32774f625ad3849dd9

        SHA512

        d1679594a2f6417c01602781436b8766af5f7c470f500885e7bf74ec60e9006741aad5c164e3088a0785f3ff3b5d91ac91325c29e9d51b0abbbb24cdda6ea778

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        474KB

        MD5

        6eabc463f8025a7e6e65f38cba22f126

        SHA1

        3e430ee5ec01c5509ed750b88d3473e7990dfe95

        SHA256

        cc8da3ecd355b519d81415d279ed037c725ba221bf323d250aa92ee2b2b88ca7

        SHA512

        c8fde7026ac8633403bbefee4b044457184388fb7343d8c46f5f7f272724227976bf485ea91da49e2a85dd0cfb73f260ac705d8007333dd3e5539fe5ed67e3ab

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2D86.bat
        Filesize

        722B

        MD5

        f1f9b8c8f88a1ae15905d018be2b1eb0

        SHA1

        e9ea7bad1483634b821ea9351a140975be4cbb86

        SHA256

        f20b92a14a5604b14eca13a5225b879021d383bbfc05f92c3f8253b6dfd8b705

        SHA512

        4214e386e6302a274389580835f249c2d51d8ab4d039fefa8c3c62e655ee2a4132dcdbab4cde7f182129987400d8c4fbc206d22c2e12b8a4336938cd8c0701ed

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe.exe
        Filesize

        59KB

        MD5

        dfc18f7068913dde25742b856788d7ca

        SHA1

        cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

        SHA256

        ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

        SHA512

        d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        87e1376a8f4d0187c9cd966e5387fba6

        SHA1

        58bdbcb537922706c165607eaf003f2189bc99d3

        SHA256

        f232f879c9a948f3a8697062e75ed55b0e34c10b4c9aa164f90a8a12e0816895

        SHA512

        33219331ace9c8f8ab0a670c9a1f264dfe5e6b50443922d8dac485cd7dc4fd8b63321433c555d6484e038e04985656ce417b4b7a8ffbd8c43b2ad8a7c45dbff4

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-268080393-3149932598-1824759070-1000\_desktop.ini
        Filesize

        9B

        MD5

        917c6bf65db2dfa12e70e5aa6a061a01

        SHA1

        bd0d9f217fd74efd784ad4a1b41f330b36e64edf

        SHA256

        8ad43ce062fe590809844ebdf64f2eb0f7d32357c89baac5640ff132dfcfdd19

        SHA512

        21a71205a9abfafcf7fef2a1697ae78a6fe14591bef85f86137d5355b5d40e1b8ca810e351256e0dc2973677e9b4452014126d3e5e81b0c3f1fcbd1a087481cb

        Download Submit

      • memory/1204-29-0x0000000002540000-0x0000000002541000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2716-96-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-38-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-44-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-90-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-31-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-844-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-1873-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-21-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-3014-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2716-3333-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2904-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2904-16-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download