Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b7c665a943...4c.exe

windows7-x64

7

b7c665a943...4c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe

  • Size

    49KB

  • MD5

    ccff02730a6e77d47591a7aba6cf6e1d

  • SHA1

    2feb1affda81b9aee5ecfd39babe546300e36e7e

  • SHA256

    b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c

  • SHA512

    2e7d88bc0b2bdeceb522befc22eddef3ab49dbb1ec7e2643c66b168855f243a62c80c4f4afb146ce5ec414855ed541b7708de63970e397e38c889de497c80fef

  • SSDEEP

    768:I1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL31SFUZP5TYi+UAMxkE8:afgLdQAQfcfymNr1dZP5T7lxI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1160
      • C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
        "C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1876
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5918.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2516
          • C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
            "C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe"
            4⤵
            • Executes dropped EXE
            PID:2420
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2548
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2512
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2592

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        533ce215a7c274602dc456ca375cef93

        SHA1

        76c502d7c45eca3fd96f6b04eb850e751bc785dd

        SHA256

        d70c9f73bbeed5cbc0df4a4d14bae68789f84d8092281337d2919322b288ce9c

        SHA512

        09d9dee36c48567921de4b7c31c4a822d5f9ed5e0b1cb0330031b320f40b5ba9b15e89dc37d52561094642c0ff16c14d32e81ed5b1dac06150fefbbd6f3365bf

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        471KB

        MD5

        4cfdb20b04aa239d6f9e83084d5d0a77

        SHA1

        f22863e04cc1fd4435f785993ede165bd8245ac6

        SHA256

        30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

        SHA512

        35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a5918.bat
        Filesize

        722B

        MD5

        246be4b3b2f38ce973d49c98203bfc28

        SHA1

        caf0b296f4f13916876c707a578cbffea551a972

        SHA256

        535115d968bc075d34488559c92aa3fd163e66d28ff5642c377d85930093180c

        SHA512

        c7eb0c6bcea69098feacf142c1b251297d2db6e1ff4d9df3342fd16e2501224644faf0fdbc5810e8c1eaaf7d19abe8fb46e0d98cf4f9effa68238cbe48c7b102

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
        Filesize

        23KB

        MD5

        3c85f5e1f38b3b8176c0580debb48d38

        SHA1

        422e4f21186268066d30ad882ec66ed41c322a5c

        SHA256

        bf12b0043439b9ec8542e60374a4956b21cf300c94a779875f1715a10326353a

        SHA512

        2c8d3375ea1dbfabef36df5e22e22a1204545c86fae81c402abe55628d2b6617099f2713b1dbbcaba81c94d1788de25909ca162fed03a8d161f6008927c61889

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        925efa8e6ec043b04fdaf9e6c9f95b9f

        SHA1

        4bb883e016bdeecc3f21b562df6364944b777ae3

        SHA256

        6513ef9968b68f982fb83460b5919e55470f514db71c3831c2ea5c7b3a2721db

        SHA512

        bf4978b5b10932de14d0c64566768708331f89a815f153323173506aecc296236a22d387b5caceba100c72b44e6b870e879f7350f1abce413bb92d54e70b133e

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-39690363-730359138-1046745555-1000\_desktop.ini
        Filesize

        9B

        MD5

        2822854d33e24347f613c750df46b810

        SHA1

        c2ea2529c032aa552d5a8301900cf27fc0f6045c

        SHA256

        73f2f888bdeaf9427c7aa3355fbe711e6570fb5e9e48c3f64cd229198ce85ad2

        SHA512

        21fff5d14e03a0420d9242a095c2e93ac2b7e6b9e49d12da907394ac9725bb746896721ceded88411895e9630a8ffbface168f0c02630b33300647d3d9e3326c

        Download Submit

      • memory/1160-29-0x0000000002A90000-0x0000000002A91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1876-16-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1876-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-44-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-90-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-96-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-222-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-1873-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-38-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-3333-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-31-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download