Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fb03215045...77.exe

windows7-x64

7

fb03215045...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277.exe

  • Size

    484KB

  • MD5

    88977142bdfb752a1cb0a518e7ecffdf

  • SHA1

    5bab0edb5850e0dfd4980fbd0cc732535e69cc1b

  • SHA256

    fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277

  • SHA512

    6e651f6f647972b06a9960a9fedc6ef4d5d819170aca85a89791d11366ad7d7982c1e3426b38fc9cd7c6da4675ab1890c6035072b666c1c9bf483e4eaa1112fd

  • SSDEEP

    6144:lVfjmNIz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fay7:D7+G1gL5pRTcAkS/3hzN8qE43fm78V

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1372
      • C:\Users\Admin\AppData\Local\Temp\fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277.exe
        "C:\Users\Admin\AppData\Local\Temp\fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2200
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5AC.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2212
          • C:\Users\Admin\AppData\Local\Temp\fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277.exe
            "C:\Users\Admin\AppData\Local\Temp\fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277.exe"
            4⤵
            • Executes dropped EXE
            PID:2664
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2336
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1840
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2648

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        2cbf0e13c88dcc4a4f21740219dfc1e5

        SHA1

        c00dbe095e29b77221963148de962312fa51f178

        SHA256

        34af897488657539915345a48106d1dec508abbb3d7867e97d1f59440fe98184

        SHA512

        8929533a3787dc7e2958b6d2a08a2de069e5732cef2187b87c1d7437798091dccf47f7f9d7bdf7ab68c92d97f578d2c24dc5276136a20446d22d1b32085e83a6

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        471KB

        MD5

        c6c8fde27f649c91ddaab8cb9ca344a6

        SHA1

        5e4865aec432a18107182f47edda176e8c566152

        SHA256

        32c3fed53bfc1d890e9bd1d771fdc7e2c81480e03f1425bce07b4045a192d100

        SHA512

        a8df7d1e852d871d7f16bae10c4ff049359583da88cc85a039f0298525839040d5363ce5ef4cbdb92a12a25785f73df83cf0df07752b78e6e6444f32160a2155

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a5AC.bat
        Filesize

        721B

        MD5

        34e876e8a5dc604d15c82e6767dd9576

        SHA1

        39f4e90a0f249c1555084a0aa9280f0feba9cb34

        SHA256

        8e7048882dbaef2c67fea7c1c81bb0e801e2d0e0e941670b3c06c78550e330f6

        SHA512

        36362cd3fc2cbf5a9d70ae0b8f335c7d155fa1d695879797319864dbf7b6206f8aa98c4633dda17c9b9e2acb127c5066468a727f425b23d2b20e07b462868ca0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\fb03215045eb8fcb9d6c6ff807dd3f69ccde59000bad163d7e5f67ac05a1f277.exe.exe
        Filesize

        458KB

        MD5

        619f7135621b50fd1900ff24aade1524

        SHA1

        6c7ea8bbd435163ae3945cbef30ef6b9872a4591

        SHA256

        344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

        SHA512

        2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        6bb917e54f07b1f77de86ee02cc2fdca

        SHA1

        33c02d2bdacdad19592f68bc30375f798facb53b

        SHA256

        a5076f4ef41e1596ea6b5c37d19ad811af1ac9c659a3a6dc1599bb1b4dbaff80

        SHA512

        1358692ff3b0b2f419bd0fe528294bdba5eee70985ac1aa73a6635b7a30bc471500945d0d82ba1854c087e3097a16e9cebc8ddb7fa4fda3d5fd5a4dfe95ff6b0

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1000\_desktop.ini
        Filesize

        9B

        MD5

        304501c003da3bc5756aa53a757c30cc

        SHA1

        94dfcea0ef17f89b3a60a85a07edb4c00170cc1c

        SHA256

        9f4b03cbd52378f329bfc7088f8242bbc1a0a2754bc2f8a40e3b74e0dedecd6e

        SHA512

        78cd3c2cb4cb66e41d8947e1231256c2043d71c77f97e92915e938a6c1d9a8c003512027d98bc71bf582875d269e5fbe6e134f57b25f5f79fe16f9a412387dc8

        Download Submit

      • memory/1372-29-0x0000000002970000-0x0000000002971000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2200-16-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2200-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-31-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-38-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-44-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-90-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-96-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-749-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-1849-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-2778-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-3309-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2336-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download