Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c997e00085...25.exe

windows7-x64

7

c997e00085...25.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 21:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25.exe

  • Size

    573KB

  • MD5

    48cd514c7aeb65e5c99c5b211b721c83

  • SHA1

    02cb9f79e16fb3efc3100cd53d033b9974783448

  • SHA256

    c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25

  • SHA512

    725e64e2339e499683934fb38af3ba5a04a36d663c2657c98a10724399f4fa08d2f5f829b9934e0a8e85e911e258f70a78960438a89444744d2e8491f9733c0d

  • SSDEEP

    6144:cuJpE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQfu:I7a3iwbihym2g7XO3LWUQfh4Co

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3508
      • C:\Users\Admin\AppData\Local\Temp\c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25.exe
        "C:\Users\Admin\AppData\Local\Temp\c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a96D1.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3400
          • C:\Users\Admin\AppData\Local\Temp\c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25.exe
            "C:\Users\Admin\AppData\Local\Temp\c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25.exe"
            4⤵
            • Executes dropped EXE
            PID:1068
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:528
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3208
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3364

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        247KB

        MD5

        084f158d76ee68773508f2d0e41ec5d5

        SHA1

        004ce64011ba5a776132ea0f96ef49fbefe4ab49

        SHA256

        ffcdde9088642de643b1ce786bdab139c6e18b1cfb0ee12720024aadf4aee66f

        SHA512

        e551ed3e343a9b49d384e4e0dfd2b9db027dc3c635d1484cdf397e900bf4550a12b83a07748efbf88b685bbc30f3efb4c563325b5e9aed68d601c9ba17713f59

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        48cd514c7aeb65e5c99c5b211b721c83

        SHA1

        02cb9f79e16fb3efc3100cd53d033b9974783448

        SHA256

        c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25

        SHA512

        725e64e2339e499683934fb38af3ba5a04a36d663c2657c98a10724399f4fa08d2f5f829b9934e0a8e85e911e258f70a78960438a89444744d2e8491f9733c0d

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        cda7714d2ec36fbd5dfd358b3cc885ce

        SHA1

        410c57ed71630d168738f40cea3ccc65529b0ae1

        SHA256

        d2c7832ddb52cfbb750dfffae048fd9c6a9cf06a52b7de91a0be255dffadef4e

        SHA512

        89cc9f52ae02711a9f90f2ba8e6b62c8ac442b967903067e1f3c5c12ff3ca012b62b8af4e4e7c3762b4c3ee255826b509fdb064c0d2861a2c2953a02c4fc1714

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a96D1.bat
        Filesize

        722B

        MD5

        ef5b7fa09c034be7e2cdb1e63a1e8d57

        SHA1

        ca150ab153d75c3ac9304bd7a7b860a8e087135c

        SHA256

        5bf816cd68e4990f4725fe93f844253954e0af737eaf055abb88e131b21f5445

        SHA512

        67fad9dda358be7def4e8b985fbe0409095abbb2c2b4ca1f52295afd426458d00b1e74900e4ca99a1ddba26b71ecb7ef718bdaf6022b45f0bb7d46eb41acc2c0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\c997e0008550edc54333585cf5a0f08512b75ef1b1628aa78325ba8269db3c25.exe.exe
        Filesize

        544KB

        MD5

        9a1dd1d96481d61934dcc2d568971d06

        SHA1

        f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

        SHA256

        8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

        SHA512

        7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        3a5953621139d101a724889704eb0a6a

        SHA1

        da34c7e0efcff7dead3f7189cc829c7da642ede6

        SHA256

        6c0930c74442a286db1c2d3c0c84d652ff5b8175d3d3b8ac90501c480df5f44b

        SHA512

        4e10a0d8ba46ad723d4fa1cf496fcb07e0b270dd8ab6cc31b4f071915570f99861e199fcb12d47d219ca6c3123462ec8cdc329abdd3f6724aca2ea318e4ea245

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2990742725-2267136959-192470804-1000\_desktop.ini
        Filesize

        9B

        MD5

        2efce5174bcf8d378a924333f75e26ad

        SHA1

        4fe6e1d729b55d42eb9d74aca11b36a94402de14

        SHA256

        04ccb9bec2864153c72852867d8e65dca07eca4e5edcfb4beb62cb364dcd91fa

        SHA512

        24684969632fb0562a3a7a5fec91d869d627730d8e9d83a2b17e326d7047e3fbff205eec207914e42ecd50fef68a212c19f3599ded271c00e66acc22f1f04c16

        Download Submit

      • memory/528-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-1123-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-1234-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-11-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-4802-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/528-5247-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2324-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2324-10-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download