Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

45aa4ca3a7...93.exe

windows7-x64

7

45aa4ca3a7...93.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393.exe

  • Size

    88KB

  • MD5

    872feeda0dd842b2faa66a7f0cba7a48

  • SHA1

    a89b48f540510c7a6d88a5ec748bf27bdd69ee54

  • SHA256

    45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393

  • SHA512

    dc42388860cdba80fd46ea920df924965fe72f0a804b2279fbe36ac9c8c9a3c7a94f9cb77a2f3afbab86a3b346d632a25dd2d1393345f4240bfb0ab4f3e5e6c8

  • SSDEEP

    1536:pJ3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:pJkuJVL8LK4ddJMY86ipmns6S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3512
      • C:\Users\Admin\AppData\Local\Temp\45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393.exe
        "C:\Users\Admin\AppData\Local\Temp\45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4476
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9971.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:916
          • C:\Users\Admin\AppData\Local\Temp\45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393.exe
            "C:\Users\Admin\AppData\Local\Temp\45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393.exe"
            4⤵
            • Executes dropped EXE
            PID:1308
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2864
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1820
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1636

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        247KB

        MD5

        c3590ef22083c7d27933ede7cce7de0d

        SHA1

        8baedc723d5ffb7265fa460da9d3e757fdde9b76

        SHA256

        acbfe46f3407186af9f90a7ca7385f58ceb7bb731b8d63d0d5aad5a1881a3fd7

        SHA512

        ca283485a9a7e273ce20a78c24dbbebf747797842159c684d956905b0a3f718d5d43b24d9cd0f019e0c557f1baed4f095a2ed1f98090d982baeabf9b780787c7

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        5adf6669b309138bee37e7d1e2c7d075

        SHA1

        483ba48f02bdfb2478b2438ad1181aa06f023c92

        SHA256

        1ef59dc0fec7bf45019ea6ce003ee5d6d1c1293e5e0cbbf4bc57fb7e105930af

        SHA512

        48330121a6118a46c080ec3e30b2f0659b5e055b418936b6ef0d5087396863f28df0a45ab3930328a39859bf1c68d137676ab548914047e70a1d471acd39a2b3

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        dca0158a64fcf25bfe34506eda2dac14

        SHA1

        e933db0d69b24db5d274463e8bb4ce9cc820c283

        SHA256

        b83bd9c6b40b2367934dfed9e59b519b7e0d464a4b3472689c031ccb8198b2c2

        SHA512

        714960a7a693237eca4bb977ec37f7f577acfbab982f670f9f14a41445d60fa46b29aa0adf4b032c48e376a5167a20a9b158ca923e6956154b28e86e8d5d439e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a9971.bat
        Filesize

        722B

        MD5

        5b13b8db87b63810b3b79c71bbc0cb6a

        SHA1

        a26bd98065788c3f18a7e8cf78c7520d5c3438a6

        SHA256

        479c748cf85afeea229bab56f8683f921290e04aae2194fb637fa5463f2136b1

        SHA512

        d03160105fbbefd8ae687d44da5c806509f201447e69f4901a2c6807e5ecf4943c077418ed69e37b8c15dda80fa8cbb253381a5bd519512f697b4b348c3ffb16

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\45aa4ca3a7d1a7581b1a57f410da318f5cd7f7c3245de154672b4a9e6b4b7393.exe.exe
        Filesize

        59KB

        MD5

        dfc18f7068913dde25742b856788d7ca

        SHA1

        cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

        SHA256

        ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

        SHA512

        d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        968fbfebdf34cc885e51e8bcaa182f2e

        SHA1

        91df1a0b7046e2eaef764223f16a5c9dee88afdb

        SHA256

        5f7bff7aecb05283cfb2d2c3675e507495f6e06200be3b0ab1e00f76f038a5ce

        SHA512

        28dfdbc55a467a9ff5ce094532246c2ae748b9473fa80ae7485249f0d3493549970e16df948ebfcb080b3e3e15a6b605aa491cbd36d2537ba2c99140eefcf065

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1705699165-553239100-4129523827-1000\_desktop.ini
        Filesize

        9B

        MD5

        2efce5174bcf8d378a924333f75e26ad

        SHA1

        4fe6e1d729b55d42eb9d74aca11b36a94402de14

        SHA256

        04ccb9bec2864153c72852867d8e65dca07eca4e5edcfb4beb62cb364dcd91fa

        SHA512

        24684969632fb0562a3a7a5fec91d869d627730d8e9d83a2b17e326d7047e3fbff205eec207914e42ecd50fef68a212c19f3599ded271c00e66acc22f1f04c16

        Download Submit

      • memory/2864-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-1233-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-4785-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-11-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2864-5230-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4476-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4476-10-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download