Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8bcac5a8b3...d9.exe

windows7-x64

7

8bcac5a8b3...d9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9.exe

  • Size

    1.1MB

  • MD5

    010e615e14c63dcf3ab7822cf7d56cbc

  • SHA1

    f93b162f56c3f342ed69d955089fca9ed5ca4b7b

  • SHA256

    8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9

  • SHA512

    29a1ff130ce8db3ed16914704ab8a0c33c37ea9ce56a93e2ff3360538e3ad277dd7d7f3b4fc8dd285da63051e0139ac5b2a8f500e1065ab4f7a91a6e4d4afb28

  • SSDEEP

    12288:z7+30+TLA2jhAiMOYvCRByLdwIII37aOlmT6HziyIjG:z7s/HfRByLdwI3AUiysG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3564
      • C:\Users\Admin\AppData\Local\Temp\8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9.exe
        "C:\Users\Admin\AppData\Local\Temp\8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1860
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3CEA.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2520
          • C:\Users\Admin\AppData\Local\Temp\8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9.exe
            "C:\Users\Admin\AppData\Local\Temp\8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9.exe"
            4⤵
            • Executes dropped EXE
            • Modifies system certificate store
            PID:436
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3376
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3536
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4912

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        1a0bd34c8a65342cb7e4ab8e0c9441bd

        SHA1

        1f0b7762b58c4a5308719d0576edec6f09cec1e4

        SHA256

        26e0b0000dae48e449f5f3258417cf44324ab3cf5545421a122ccca8cf58bb7b

        SHA512

        e5a64097c1662e08dbd2e6eba319aff08cb61ae9c9ccb2bc91921cc76cc682edba741c2e50cb74ff5802faeb8e95c775c13237c0e435af43d095fede74d0c81b

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        0768640bd49b93a8aabbc80980048036

        SHA1

        691179cbf79270d8cb24a630e0e421a55eb58b0c

        SHA256

        ff618588a694f4c35f9925456ed39a1dacfbd569b8311a84dbfa2bd25a5c1486

        SHA512

        f9907cd372f564b42ce38020bbd29b69a934890894da10bea81c99994c77c7bd6b3c81bf05bd5121c181c600f3da378471c93371ec25a3ce6e27ba2ee4af92aa

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a3CEA.bat
        Filesize

        722B

        MD5

        7c9591a387b9c78fac3bbc9e43f298f4

        SHA1

        2ba3ba635fabdd87577ee1bdd4237e331150373a

        SHA256

        6d660855781c9446db0cd00a8152b15fc3ef8c74abc0cc8ade0367c0f799f9c2

        SHA512

        d8a081e2c5f45f1a629c67d4ecc390ecdab82df93cbd812de4e0ec2deac67238744665df1873f6c82a77299e11ff7e39f67a4a0dc6aaf7f83e5d680ef217fb12

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\8bcac5a8b31473795f578b46df66426871025191b58ddef07003469ab6b87ad9.exe.exe
        Filesize

        1.0MB

        MD5

        3892ad0cc7dc6564d98ea5894a709857

        SHA1

        a05e406aa436f790822384fcdf80aadd6ed28d4c

        SHA256

        fd585cfde0ce11631077cc7f6ac9d7f605022bf65b52effcf7f00f87d9281fdf

        SHA512

        6ca3eb5c463433bde186bfb34c6330a6794c69021d0c6946461197a58fcbf1099239381c79968478c2c24e02ff730c74178e77404d9dc1993135a6194c09f487

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        8eb50bda241063e043efa5cb1bced8c1

        SHA1

        f663a7c0b16009fe6dd993862b7624c42783a23c

        SHA256

        0066b1cb7a90d4fe907c91f624a3f33c45ea16bc021c3f4cb03663ce1850364d

        SHA512

        b4244883b647fcf41a27306afa405ff10542e0fab4045a9f7946b7d355cb90b7b1b07b807e65824473b1d07178fc2bd1c1a92d045b58aaa57db81d5a899b3ffb

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini
        Filesize

        9B

        MD5

        a470ca2426c102d035971b2e504d921b

        SHA1

        1720ef61e5c8e2ad6da9992a78940228fc81d615

        SHA256

        13721d3153b316d1b54c64b67de19ae5147cb78e332448e6b800f6d510c269f5

        SHA512

        c12907d26eac47d219aaa47b11d243738b0e698f898f9f2bd199652bc094197227ce12bc5fc96f5da25f1fd7b5904fe71ee3792105b05ac13a135d89aa1c1831

        Download Submit

      • memory/436-19-0x0000000074C62000-0x0000000074C63000-memory.dmp

        Filesize

        4KB

        Download

      • memory/436-20-0x0000000074C60000-0x0000000075211000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/436-21-0x0000000074C60000-0x0000000075211000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/436-44-0x0000000074C60000-0x0000000075211000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1860-4-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1860-11-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-58-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-62-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-52-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-530-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-1257-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-4822-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-45-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3376-5261-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download