Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8fa3daa625...6c.exe

windows7-x64

7

8fa3daa625...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c.exe

  • Size

    64KB

  • MD5

    98b0064d89ed805f5157fc83cf9862bd

  • SHA1

    8297a4debe0cb8cb739ad540be0853c1ff221ced

  • SHA256

    8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c

  • SHA512

    0ef6895b4d47af05e7e3fb28bd6a4332279996d02ddd93ed095c6cd3eafafffcd75076a5bb26c81dbf12749d632ce7086cfc661e0cb0f78d3adbefc98a738a65

  • SSDEEP

    1536:13SHmLKarIpYCriw+d9bHrkT5gUHz7FxtJ:1kF3pxrBkfkT5xHzD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3432
      • C:\Users\Admin\AppData\Local\Temp\8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c.exe
        "C:\Users\Admin\AppData\Local\Temp\8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4324
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a52E3.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2988
          • C:\Users\Admin\AppData\Local\Temp\8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c.exe
            "C:\Users\Admin\AppData\Local\Temp\8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c.exe"
            4⤵
            • Executes dropped EXE
            PID:1424
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:412
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:552
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2088

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        e717ae96c8cbad47ef54a29cb03f56e2

        SHA1

        4580830b81aa06abec2d068c123fa50b8e9c9635

        SHA256

        d121a8c9c3190816787c202788ac001382accff0d958cc689076b5aaab77e763

        SHA512

        07f8a96c6553fb1667b6e6a285c6a879938143cd9345278209fba7998fccc4bed9e11d962105f011470fc06bf91e9e17df615ddd28af7b67d613a27c032a0be7

        Download Submit

      • C:\Program Files\WatchRegister.exe
        Filesize

        237KB

        MD5

        53fe34338cfe5a0b9c13e2d32463cef1

        SHA1

        ec14da2b0b4954f9092d5db8ee9fa33d0ba11f35

        SHA256

        39799d55d67d69c7f40ab668bef589213a9bb49b3a8f22a503656f631455a8f1

        SHA512

        c732bf874bf68d84666e99bb289896d92a9ece3e60bb8c9a46e6c30dd7e6114647ff506ece76bc06f828dd604afcbadbf0a0f2b5798450af2b36b7aefdbeb0c1

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a52E3.bat
        Filesize

        722B

        MD5

        9ef895a6806de26e7bcfe39f7b2c927b

        SHA1

        330b1c958cc3bafe2e53d024f77241acd8265b45

        SHA256

        4b5f6a70f591a38d43b819fabf7b1daab89e1402ce9f66e0412790832dcacd86

        SHA512

        0070aa1478ae4c4ae8c083903c22dd00cd6cabcc732652cf5938343c85865e69799c45bdfa4339294a990b13618fbb7f2c802615d7eba9f8a2bb18034810537f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\8fa3daa625ae2dca89619f11c09a9e83ac60fce69a2456a0d077befa5f38806c.exe.exe
        Filesize

        36KB

        MD5

        9f498971cbe636662f3d210747d619e1

        SHA1

        44b8e2732fa1e2f204fc70eaa1cb406616250085

        SHA256

        8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41

        SHA512

        b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        1d88346ba33facab0ac50341f204c090

        SHA1

        51af8c88d05962fe058d04f4db2f91c149a8ca0e

        SHA256

        9f4b5fa6ae1fdbaa8ee45660ba2f7cb89fb4e2741aecb94905d3eebd4649d462

        SHA512

        33914c9a1a4618d3e26918a435a32767c0c9349044fdcca220fcd5c203d469da2537aa247a2ca011b5b7b7ef899304ee56eb8f5770c06e2b757f37f656c8fe6b

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2804150937-2146708401-419095071-1000\_desktop.ini
        Filesize

        9B

        MD5

        fa1e1ef0fdda97877a13339b28fa95e5

        SHA1

        7e2cffca41118e7b2d62963bd940630b15b85653

        SHA256

        968b715c081472526487d60da8968e9b3bde2dac103f69beb3f6abe6ef7bc191

        SHA512

        3d55913a97aa89a7201342705640c1d031d19ad8aca4939219067f84e3fe118f47b4e388f490f69f605683d3854425c3de188f731886405474ae8e3d42c86f4f

        Download Submit

      • memory/412-26-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-32-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-36-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-19-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-1231-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-10-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-4797-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/412-5236-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4324-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4324-8-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download