Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

845dc68ff9...78.exe

windows7-x64

7

845dc68ff9...78.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 06:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78.exe

  • Size

    1.1MB

  • MD5

    9902df4359a173fb2d380c39a2eece7f

  • SHA1

    af77c090421a15e5015765127f53f16d575e48fe

  • SHA256

    845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78

  • SHA512

    b7d345a682bab87d2bfcda5fe8f48db3aefd213cd34c08298a9a647f3664a202f642d10ce27bc206e000d349424fea5d280111f614f76b864361d44ceb572a8a

  • SSDEEP

    24576:G73brCwSmrVCPxMXhhoHSttm+FmRHFPwgxyYz7bZzr79:G7cxMroHWFgxyYz7Bh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3516
      • C:\Users\Admin\AppData\Local\Temp\845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78.exe
        "C:\Users\Admin\AppData\Local\Temp\845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:316
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3AB7.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1116
          • C:\Users\Admin\AppData\Local\Temp\845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78.exe
            "C:\Users\Admin\AppData\Local\Temp\845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78.exe"
            4⤵
            • Executes dropped EXE
            PID:1936
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1608
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1132

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        a4ba015a708f68eb1aa8cdcaa692f088

        SHA1

        71a846a78fcb6bafc5ccbe372484e0ef81bc39fa

        SHA256

        fcdc3c1af76e1bbb58c5c1112fda5c82aa1aca8acdfc8e5377424dcb34ae4d53

        SHA512

        fdda3c5ae6474100bc0dd0dbc8b9af8874f18feb03f7fdfb8ff7f8d484de579e2ea5336c36b8c7ae8b959df00529b36e0c396984f29de07b442f7e311c9f5931

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        18b8b7178d7582e79cd6ce411aab3902

        SHA1

        cafe972ad5887d24817682b28d2782d354ed0eb4

        SHA256

        880f4bb0748e5546f71f3828d15225ae52f9e39fea24e85b7175a3824acd661c

        SHA512

        cb0a18bee9a513345d6bacb8625b2e04ff89c744786549959330a41bb23c2647690f67a3897d95d2a331f077e8244f32a274f987f737f1e1e96a708cc3b494a2

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        82168b5f40194e6e86457c2b534cfc21

        SHA1

        3e2702a384a03243e98ee6866e09f6d5df9b5de5

        SHA256

        c2f452c90356d0070c71ce17da69c4245dc24f46e1215eca22748567e48279d9

        SHA512

        6d041166b41e4608aa46b1724322a22d49e5d709f4b1bf89d2c6819282a813c88cd74ba6167f337d4d36a741ae53830b04e58e92fbfc597f85cd7f763284c774

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a3AB7.bat
        Filesize

        722B

        MD5

        48343887135aa2edab75150e7816d74c

        SHA1

        fb1db04ffbbedf2ec04af9fc3a9c14ee1e1e1713

        SHA256

        c6ac151bf53f9cc1b691231b07bdd14181b178e1239cc8a0bdba154ec22c998d

        SHA512

        bad5b26c3d0853b34fa2f1c834ed74ca461c538d4d6400fddc0b5e2e9bbbcffad7f446892c56e6e0264af9c417f2313160689586e10f59c69ed4d358583afaf9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\845dc68ff96b0274c2bc3297d4aa7f93a9b528db816882d6ae255f9cd05b8b78.exe
        Filesize

        1.1MB

        MD5

        5da79eeea8fffd12b2b77db479eee6e1

        SHA1

        070dd08a345deb068adf817193e22973f0a37fd7

        SHA256

        d34c171aefa01500a3b2a59b05fdd622ec87888fd8b197ee6d0e815b98443f3f

        SHA512

        b743b0601eb5ccdcfa3a89e01f9e879b02a697a50eb2eb3844e07cfee613fda75a136486e2063612fdf2a338f8720ea07a689462f3da7eb9f48b0ab0f70558ce

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        571380a64267656a16012c245c5bb39c

        SHA1

        4844d47d75a4d1a4fe2416687bbd56eddfc503f8

        SHA256

        0a318cb72048dd748f91e258575dca665b94bc314cf3599745caa374c1967f23

        SHA512

        d9b18cb5a0956c6445f3028748fc9868cfdb9c5696f19fed065367cec40ecfd39a0278538144c5c149ff2687055ba2c886326fa387e04240af55aae0cb396a10

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\_desktop.ini
        Filesize

        9B

        MD5

        60b1ffe4d5892b7ae054738eec1fd425

        SHA1

        80d4e944617f4132b1c6917345b158f3693f35c8

        SHA256

        5e9944cc48c7ec641cf7b1b0125f47f26102c371a973612f0583f604bc3900d4

        SHA512

        7f5c200924dbb5531df997e6a35cb94f36b54f5651284b0d6404f0576301125ef72b410a170fca889d46c033063663cfc7791f9e4c3c30695af069053eee66cc

        Download Submit

      • memory/316-10-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/316-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-37-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-33-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-1231-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-4799-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2720-5238-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download