Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

574125e2c0...3f.exe

windows7-x64

7

574125e2c0...3f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f.exe

  • Size

    132KB

  • MD5

    e9189581342f1140180bb5368ae2edde

  • SHA1

    3576bb622860757dcb4a6009c51fc33b245d2dd7

  • SHA256

    574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f

  • SHA512

    623c4579c24fdddb0042708bf30eb139243031849b2241fba2adb74c433f27ce0e2a5ad174f5cb406988f90ee8a8fd3bab6c9d0af86b1061870a727336d622c0

  • SSDEEP

    3072:xAyLd0K/JdOebFhcYfWLI2d/1Fb5eOBpY2Ss4t:XLZ/JdEVM+deOBbSJt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f.exe
    "C:\Users\Admin\AppData\Local\Temp\574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a92CA.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:756
      • C:\Users\Admin\AppData\Local\Temp\574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f.exe
        "C:\Users\Admin\AppData\Local\Temp\574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f.exe"
        3⤵
        • Executes dropped EXE
        PID:1052
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3640
      • C:\Windows\SysWOW64\net.exe
        net stop "Kingsoft AntiVirus Service"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5084
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          4⤵
            PID:4260

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7zG.exe
      Filesize

      750KB

      MD5

      e6e190e064db7c8e5273f82ed35d19b9

      SHA1

      6d6699b8c94c75b43e9da29dc016e62ea8e177ef

      SHA256

      580975fc1e9fba8dc711a41013a636ba441007c1d4d3791ffe5f6ddaa4aed8d4

      SHA512

      d34a357044db116d6ed312579d1ba1e58646aed8014cae207b390aad8b99e6e3d923df158a4681db22c749af937041747e9fa8814927c32942a335dd2cef8fe3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a92CA.bat
      Filesize

      722B

      MD5

      476deff0e32f31ccef8e633d2db9f8d1

      SHA1

      116df707c2f011aa7053dda98c6a912a005e6435

      SHA256

      c09689115487768fae9f8d4a73fd54b1c5f1c402f2abaf678953a473c87baa67

      SHA512

      3482c789d33e848ddf016313bee886644b6f8765ea61308202ae95ef3207c279a2531f57ff34f9c9833f1b3ebb039e20bcb79e7d7a54b9ba240d68518928ad4b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\574125e2c04d2b76c5738c95efbb3f59f9c3219c729eb8ec093744361420aa3f.exe.exe
      Filesize

      66KB

      MD5

      7255c3ac9f65161062fe5161bb743a5f

      SHA1

      f9965b2c29fe9a9d236ec60920657dc2ed7f869f

      SHA256

      20e74d12502aae815b3d23956792c87a10a57cab0752fc968b9917360436f072

      SHA512

      ab85a02b8bf22fe0b4e79eca8b6f1bef7f30f6faed15d2565ee9a99d2452262d45ce6297b571f7db5711bd7a0beda59b1d3d9d6864dd9028dcce079607f0f646

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      66KB

      MD5

      3df5852b7f00b2d927fd157fe3ab9d7b

      SHA1

      405b1d2054eb357133bd5019c749f07d8ebae9ba

      SHA256

      717c8d0200f827fd26f0759f16cf562cb417c5e25d3fd464ca9cd7b1b1a80ffb

      SHA512

      b82e7054cd24e9577fd24ec5228bb8271ee34a5cdcfd7a269cbbabc4d843f5bbfafaafe4f46891f8dfceaf543a9c286243558e9c521574b41eca3e77c17ee0c2

      Download Submit

    • memory/3640-15-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-13-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-17-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-12-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-141-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-212-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-224-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3640-225-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3656-6-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download