Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

269d22000a...7d.exe

windows7-x64

7

269d22000a...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d.exe

  • Size

    3.0MB

  • MD5

    8d282225f46571f7f75b702f5f7e85ad

  • SHA1

    72ea49277feec83f2b609ba32e6d5321ad55f7e6

  • SHA256

    269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d

  • SHA512

    668fe66324c211f207bbfae852a674e175575896abeac66c1a90567e66341828e6057b1fc7eef79f8d1d786129e41b464067196dd2fcba5b87c8fc59e8a1c8e5

  • SSDEEP

    49152:87QIGwdA0g6CupcLp0pHwjOLaUIeJSBTXJeKPTSuN0o8hedRW9GoNeDJ:RIGH6CupcLp0pHnFSNXJ3TSW0oTW9jNq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3468
      • C:\Users\Admin\AppData\Local\Temp\269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d.exe
        "C:\Users\Admin\AppData\Local\Temp\269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:832
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC1C.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2196
          • C:\Users\Admin\AppData\Local\Temp\269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d.exe
            "C:\Users\Admin\AppData\Local\Temp\269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d.exe"
            4⤵
            • Executes dropped EXE
            PID:2860
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2548
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3476
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3756

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        f2e9a510a40e521b50f6839eec63d3ed

        SHA1

        e7586271acc3d0dfcc54e072c486fa6be319f46b

        SHA256

        fee06a11569ff6b9c664f8dfce23e6f6e2d0e13d4405c5e7224a0c1cf551b9b7

        SHA512

        6a67164ea999f16665f2928cdbd494ba8ea7c398e8cb190936b73b214ba5bd36ded4ab1f5d07938fe4af4e0984998745624be808fae06af8888fc74a6cb04f43

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        1e505fc0d93301d1ba0b5b5f3a76467d

        SHA1

        7c9e293cbbbca5a82e564a1ee1c9bd0b3814e4c6

        SHA256

        10cbd87bbf6dd1c99b7c0a3fd907b0dc7dffa09cdb6db77380d3caf501f59569

        SHA512

        1ca8ff154fb426bc4692e132cad0148de0663aca919a0cfcf2e1c4aafedb5c971fb27b08343db91dac71dbb19b81a6076e17856e68e71385323c2a523262801b

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aBC1C.bat
        Filesize

        722B

        MD5

        772f2af63de7ea8e6ccdcb95d9b266cd

        SHA1

        55f9aed3e615ac94579277f45532fa6881a081e1

        SHA256

        cf81c9e9b168fb017ae87eb5ead342fdcaf14eddd62104f6bf9b1a93a4c0c090

        SHA512

        a7e2b4079444d831fca0611248bf898b74effce8866a57aec2df9848b9a33dd49c9cfe99550e303f12a5ca4ffa2edca3f7e18186bf8118d95e397fd83682918f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\269d22000aaa7278e3eb86dba01c1e9cced1911fccf7dcea84c7c59e9060397d.exe.exe
        Filesize

        3.0MB

        MD5

        946a34b9908db3f1c9a10d100ca74761

        SHA1

        e2502980bfeee547bb38888af11d2e3ab764a1f8

        SHA256

        6121bed8071607efe9743e2c5582395ebcac5cbab77da05d8120aa9d308d946e

        SHA512

        84ff6a78c80b36db6ef55c7df51bc7432cf83752c33e4c5e7a88fa540d2f7fe26ed47b5bb5bf16a768e087fd1633e65f841b591cc39c0b7f1f18b40cbc3506a3

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        f352e9f0f79f4824907e742caa681192

        SHA1

        e966dd9264543e3425ff991228fc2800f92fdd70

        SHA256

        23f5e80fd82e45a3133287609845215b73d8e2be13a65b0e116185e7531a2766

        SHA512

        11c22a372dba41cef48f07a3dc608cbd7fb5c3e3dd5effc977c6339709f1e26a8e4395cee61fd3b29cb264b69cffebd989ae084c551cbf7cd4650185a1fb3513

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3419463127-3903270268-2580331543-1000\_desktop.ini
        Filesize

        9B

        MD5

        2efce5174bcf8d378a924333f75e26ad

        SHA1

        4fe6e1d729b55d42eb9d74aca11b36a94402de14

        SHA256

        04ccb9bec2864153c72852867d8e65dca07eca4e5edcfb4beb62cb364dcd91fa

        SHA512

        24684969632fb0562a3a7a5fec91d869d627730d8e9d83a2b17e326d7047e3fbff205eec207914e42ecd50fef68a212c19f3599ded271c00e66acc22f1f04c16

        Download Submit

      • memory/832-11-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/832-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-37-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-34-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-1233-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-4795-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2548-5240-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download