Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

53dc8fb8b2...a9.exe

windows7-x64

6

53dc8fb8b2...a9.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53dc8fb8b2be82d8938be55fb2f3dbf296a7dafcb19af99077e0eac4d525c1a9.exe

  • Size

    29KB

  • MD5

    6ddb4552e247b503aaf237abf2af8e0f

  • SHA1

    7a5d633903ea9380cc32182dc588e66f5493f960

  • SHA256

    53dc8fb8b2be82d8938be55fb2f3dbf296a7dafcb19af99077e0eac4d525c1a9

  • SHA512

    93d009f9e1a24835213b6a44f992b76e298ab35060c2a6763ba8e3fc22ac4f474046ec328f4bb5beb19aa9e0c9eee03e0478e5cb31ce06bcaad2434b5f7c11de

  • SSDEEP

    384:NbboIPW1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:plPW16GVRu1yK9fMnJG2V9dHS8

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3380
      • C:\Users\Admin\AppData\Local\Temp\53dc8fb8b2be82d8938be55fb2f3dbf296a7dafcb19af99077e0eac4d525c1a9.exe
        "C:\Users\Admin\AppData\Local\Temp\53dc8fb8b2be82d8938be55fb2f3dbf296a7dafcb19af99077e0eac4d525c1a9.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3036
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2088
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:4564

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        247KB

        MD5

        1c9e73bfbde7b7b785eb5bff59de8151

        SHA1

        0d19c17f1d3c4764a83534fed2e4494964c63e95

        SHA256

        34906b69c97f4b9bc7401bd210da36ceb632d53f63583d880d3172a000fc3e33

        SHA512

        c86de4e091072b3887fb0799e76d9ba14dd22917a8ef6918dd810481601eae9badcb50e917605908b78ab93f1e70fd236cf6856844662378a61ce54fdbc1b874

        Download Submit

      • C:\Program Files\dotnet\dotnet.exe
        Filesize

        173KB

        MD5

        335da5753d930710a6b5ce6b7cdbfc99

        SHA1

        98d8f975c578d7c8962a761ffda9b3ea6758b273

        SHA256

        6812d3c0fa5254a759391d865b663a801334093a4a5ef38c2195c57fbe3a9f6a

        SHA512

        acc6f3a6f8ae0aedcbdd5f762f11117377808ad7a01a623f22650aea15556e6a2cc261df2f211b811ee546fa6167a6dab687bfba79262d9ac442bf052fe815c2

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        cda7714d2ec36fbd5dfd358b3cc885ce

        SHA1

        410c57ed71630d168738f40cea3ccc65529b0ae1

        SHA256

        d2c7832ddb52cfbb750dfffae048fd9c6a9cf06a52b7de91a0be255dffadef4e

        SHA512

        89cc9f52ae02711a9f90f2ba8e6b62c8ac442b967903067e1f3c5c12ff3ca012b62b8af4e4e7c3762b4c3ee255826b509fdb064c0d2861a2c2953a02c4fc1714

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1750093773-264148664-1320403265-1000\_desktop.ini
        Filesize

        9B

        MD5

        1368e4d784ef82633de86fa6bc6e37f9

        SHA1

        77c7384e886b27647bb4f2fd364e7947e7b6abc6

        SHA256

        57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

        SHA512

        3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

        Download Submit

      • memory/3036-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-5-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-18-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-22-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-1218-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-4785-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3036-5230-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download