Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

767470a0f7...f0.exe

windows7-x64

7

767470a0f7...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0.exe

  • Size

    5.7MB

  • MD5

    7615fb659700e7717f77b88e28113e89

  • SHA1

    bc2527db48050f702355397cd999dc889a54902b

  • SHA256

    767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0

  • SHA512

    a180bc395e4317c88df3b7b839f1eb47369ba417fdc65e638c093498b0a175aa3940372375b6e01f409d653e4dc401ec3b0f205b4cf864323c9bfb86db883399

  • SSDEEP

    49152:QPv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTPBm:uKUgTH2M2m9UMpu1QfLczqssnKSh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1336
      • C:\Users\Admin\AppData\Local\Temp\767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0.exe
        "C:\Users\Admin\AppData\Local\Temp\767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:772
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aB08.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          PID:1948
          • C:\Users\Admin\AppData\Local\Temp\767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0.exe
            "C:\Users\Admin\AppData\Local\Temp\767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0.exe"
            4⤵
            • Executes dropped EXE
            PID:3008
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2488
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2688
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2712

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        07dfea84a37074ab4aeee668afefc263

        SHA1

        2a735d75fa11191ddec37aad6552ada029bb286d

        SHA256

        bc8f1ef7ad9dd42375c3841bc745155326fe7b04e5f7b258feb078a9e58a48b6

        SHA512

        c594c418adfff394998bd107c9c168f9dd3fbd21d2e6b24309005d126a695e4fc17fb88fb43a9a6a31197ba26e8779518e40ac360a5b7dfe53a232a4bf19076c

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        472KB

        MD5

        88eb1bca8c399bc3f46e99cdde2f047e

        SHA1

        55fafbceb011e1af2edced978686a90971bd95f2

        SHA256

        42fd78c05bc240d4ded16ac974f17c336f6ae3a1814d548021c48a942cc30428

        SHA512

        149d4de0c024e25a13a7bb17471e6f48391d4f26b1c8388672320eed1c255f84219ad7b72bbebc531ae558d5192dd4bb6d0dddd6c65a45300c8e8348a4fb3728

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aB08.bat
        Filesize

        721B

        MD5

        5e50ba96db65a37cb8d1ee528789ea05

        SHA1

        f9bfd5c9c9dcb594caae7e38f82cd05a4d445613

        SHA256

        a8bd5aa4ba5b7022bcf8c3a994cd0558e77e767db158b46294fc1fff896c2601

        SHA512

        736f459f6cab5f86ad0a5fb3d03f63bebbdc93edeed7deb5767bc5f6e26e1afc512698e83c5761d2048dfae99ecc7a7bdb5c4b3869079e0b309549e0f9fdf8f7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\767470a0f78dadfdbb45957c392e2c8c0144f739a30472d2afa449538692bff0.exe.exe
        Filesize

        5.7MB

        MD5

        c596c3539f619ec76f36741933da5bed

        SHA1

        b3243f0ee893528f0ccd71700ca9970def6670b5

        SHA256

        bb9f95d1b280c1ec9ae27cf564bbb1b485e2d721d44b3288a9a43c07517e38de

        SHA512

        e6e9bd571f8a74b0d2f1a88f9c90fbf10a2150cda55cd4ad6f9a37e0c4a957a175ecb8adf17822331e6cb83bac6fec5bdc2fc87fdb5bc2bfa46ad7dac4df31d2

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        27KB

        MD5

        e7022dfd7727b47fccc1c511a84e8c53

        SHA1

        9e258e645aa3df99b556e98bbe7390308014fbe9

        SHA256

        cffb794dcc2ef8b81c440fe0bc09f3172040e73d1ac9ef9e3a108ebb822a89e4

        SHA512

        69cb26c5dc0f6f4dd7d0ad32d921799bdba0cedfe063246a6c526872c9f211267e3e5989fcaa1f35ea19d4b06dd44f9d3d032db5b28f9a69581558d3eb2ebac9

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2812790648-3157963462-487717889-1000\_desktop.ini
        Filesize

        9B

        MD5

        4f2460b507685f7d7bfe6393f335f1c9

        SHA1

        378d42f114b1515872e58de6662373af31ab8c7b

        SHA256

        47a22297ce31d17b0f37251ce63cf2eb146700451caab6dd0aa710d2526c8e42

        SHA512

        75dcca6b81ac47511b847a5c35be4bddbee425436f7bfd1347115e18b84f52a16a5c517bda0a5f5d0a1f2541aab80d764932d8018538cb112fa3b6c9977e95eb

        Download Submit

      • memory/772-42-0x0000000000440000-0x0000000000475000-memory.dmp

        Filesize

        212KB

        Download

      • memory/772-16-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/772-17-0x0000000000440000-0x0000000000475000-memory.dmp

        Filesize

        212KB

        Download

      • memory/772-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1336-30-0x00000000020A0000-0x00000000020A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2488-41-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-48-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-94-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-100-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-553-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-1877-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-2123-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-34-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-3337-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2488-19-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download