Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7e4017cce5...15.exe

windows7-x64

7

7e4017cce5...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15.exe

  • Size

    364KB

  • MD5

    361e667717528f22e068f3abc45ba497

  • SHA1

    ade8b16a05244f282ef3c59d0269836054456316

  • SHA256

    7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15

  • SHA512

    33604be924fefcdf251e4e5579f9c625f98e3753e3eca4f98ecc1dc86d59f2d069b26e426be6e478d6162fbaeea72931cb3ddd20c00b22a0d967b8e1167686d6

  • SSDEEP

    6144:XuJPzU66bkWmchVySqkvAH3qo0wWJC6G/SMT4FWqC:wU66b5zhVymA/XSRh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15.exe
        "C:\Users\Admin\AppData\Local\Temp\7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2100
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1EF6.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2344
          • C:\Users\Admin\AppData\Local\Temp\7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15.exe
            "C:\Users\Admin\AppData\Local\Temp\7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15.exe"
            4⤵
            • Executes dropped EXE
            PID:2708
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2356
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2600
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2460

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        e361c4ee7e678f75fde74113fcc34369

        SHA1

        107561a4f23b2f9f6f6d2014f145907e085616a9

        SHA256

        46bf981f69c4e1d4565aabeab4988cf233e9e04ddf0a1286b8b41f4a031bc7da

        SHA512

        2f3057b98c587848b1276790042a8506247c29fa2d000295bbc4d1a679c4b355d208983332da37fc31935c94a3328a8423cafccd26443e787ed5b38a83ca3668

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        474KB

        MD5

        c14a5111b798cff20d7d66b0e035d409

        SHA1

        29f0894552b30815fed6ad231b5721e876869552

        SHA256

        fd6f57dc1b82f6301cbecbf9db5728a9a69b10e3edbf4f8a1dfef571c77a6cb6

        SHA512

        a4d8b74216c76fa3d48ab7300452725602bc6d5bcc0e6c23d458d65362cd24751f23755180ae69633090b172e95f18f225c0cb4a71dd1e050d8b3dff466e7f1b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a1EF6.bat
        Filesize

        722B

        MD5

        cbcb1bee77408a955cc7cc58c2818746

        SHA1

        5762e7946fd6e0883b92abde2520db107f2c63d4

        SHA256

        2926f4bb5c002b1f2e7e4deebb78fe40282c8f6ceaec8ab52f5da758d086882b

        SHA512

        aedfdc5b299ae21d9f05dcea40d7c0da9d89126b584b5d9ae5ee940be8871d7e0385b4eb4d516232b3181961089ec26ec33c182d1c41e43abbd822d639901fe6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\7e4017cce5f5a16033ebd00f6131dff808c08d64e9d9187779373d3bf39b7d15.exe.exe
        Filesize

        335KB

        MD5

        40ac62c087648ccc2c58dae066d34c98

        SHA1

        0e87efb6ddfe59e534ea9e829cad35be8563e5f7

        SHA256

        482c4c1562490e164d5f17990253373691aa5eab55a81c7f890fe9583a9ea916

        SHA512

        0c1ff13ff88409d54fee2ceb07fe65135ce2a9aa6f8da51ac0158abb2cfbb3a898ef26f476931986f1367622f21a7c0b0e742d0f4de8be6e215596b0d88c518f

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        2dc511c4f3ce6fb100008f50e863289b

        SHA1

        2da48011d287e4d25a272b69379d345e59e693de

        SHA256

        22b25e11f1c7a43ece9d027609b9f7358bb47df7796d786adc0d04fdd5e93e3d

        SHA512

        743ae328b0b8d71639fedff1a15ca8b118370a60606bc647b9a01dc65364b5490cb148e25d47048680394bb83e0f8ae6fb5abc5a6b63f43b589b4c48ba5f1469

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1000\_desktop.ini
        Filesize

        9B

        MD5

        2822854d33e24347f613c750df46b810

        SHA1

        c2ea2529c032aa552d5a8301900cf27fc0f6045c

        SHA256

        73f2f888bdeaf9427c7aa3355fbe711e6570fb5e9e48c3f64cd229198ce85ad2

        SHA512

        21fff5d14e03a0420d9242a095c2e93ac2b7e6b9e49d12da907394ac9725bb746896721ceded88411895e9630a8ffbface168f0c02630b33300647d3d9e3326c

        Download Submit

      • memory/1188-29-0x0000000002630000-0x0000000002631000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2100-39-0x00000000001B0000-0x00000000001E6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2100-17-0x00000000001B0000-0x00000000001E6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2100-15-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2100-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-38-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-45-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-91-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-97-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-532-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-1874-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-2190-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-31-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-3334-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2356-18-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download