Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3a70df5701...06.exe

windows7-x64

7

3a70df5701...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 23:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe

  • Size

    3.0MB

  • MD5

    2df06080847c440edb9dca506b20a330

  • SHA1

    9ef81f44bd467a33a14fb14cb47c6ff954765147

  • SHA256

    3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706

  • SHA512

    01eee6ed888321ad16a26f7ec910e13d1cb3836f1cd890394a5c970f44378eb3f9fa71c07198d0a8bdc7ce074f9b427c7884beeff2f9a6a31b065b7135b2ad91

  • SSDEEP

    49152:K76IGwdA0g6CupcLp0pHwjOLaUIeJSBTbJeKPTSuN0oqhedGW96oNeD:1IGH6CupcLp0pHnFSNbJ3TSW0oaW9nNe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3508
      • C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe
        "C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4416
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9CDC.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3280
          • C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe
            "C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe"
            4⤵
            • Executes dropped EXE
            PID:2764
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3696
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2896
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1524

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        86c431395f7a9682dbb3a9403349d55c

        SHA1

        0c164a4f0b5d2f6b840eb46f6963f49c6f749363

        SHA256

        054f5874dd3032ea612bc8981fa45545387f7793450eb408d4307368fd1b4895

        SHA512

        94c00ec6d392cf2f0cb80e0c50a2707ce555fdd638eb263ba9214158de62d66d90971aa833e05b55639ba9b7a484fae412dc7de904ac06831d35dde6149d1180

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        3de8be3db894d7c6864dd2f4ea2ccc38

        SHA1

        ae0618c70156191f38c0b2e65a733f5534acc6c2

        SHA256

        38484084c919c4f70a099da3595ae9749706e040981b03deab6bf57c21176af3

        SHA512

        0249ba7e2de03a371b9b4016f16a77a6ad598170dd5384d7f88e11f798a9884dcaf581ad0764f1d9d9c6d2a556804708267d526372c025078ef79947ccaa1622

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a9CDC.bat
        Filesize

        722B

        MD5

        7b623ad85c8c2431c0131fc1fbfc9cc4

        SHA1

        703fd859123d07b3600ba95780323bd4632db1ea

        SHA256

        e61fdb086fdb94529201f329ed735f6c965bb220cad4688b014b3016c7612ed6

        SHA512

        6b53d0e565c298658de8f733feaa251833a48cec386c9228b0949cc5b2a237d463e762a66ee3cc35c596eec40b50e0e671a821414e140c753211db610b958bad

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe.exe
        Filesize

        3.0MB

        MD5

        d9d63c77ed65a20c102e7a1a0df2b581

        SHA1

        8483bfba9e325a2c3e555bae3155e5d0e9ddcc9f

        SHA256

        c96c258af32735e1f37f64b38a5f00e6618a574e48525be1b18c3eb60f79b17d

        SHA512

        5fec2c4775bcb3615f16cd418512c873c8938d2235fd4ea40788f40327a2c8844c8c13e46aca43d85a7ada67aee299f430b49654779b44b7e0c8ead03ff7e4f3

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        66b52612270a69c70fcb753c71db38af

        SHA1

        56c10089c0cc6d1638ec3a9818411040c0684cf0

        SHA256

        bdcf0b120cbba26c70240bec100cf50964765bdbba76565d3d1ecc788ffded64

        SHA512

        9be0b6f733a1e03626ad978b057405bd894e9f8179f5292e2ae62b1e2ee337e501233f58f75bf5643e12fdb68e6e6d2a3e146ba6641a448c089cd2e153d729e8

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3419463127-3903270268-2580331543-1000\_desktop.ini
        Filesize

        9B

        MD5

        5e286801abdc6ca5d3091665a72ecd7c

        SHA1

        87e0b4601ab0b05784a1059a45d72d807b0e2cbb

        SHA256

        131ccc46b756e5373dc2f2d37625bfb980a48f2f2287585da364166cf2e709b5

        SHA512

        51506d6adb68cca9e21fcddfe9672b91352cdb4f3c5b8c2da40219c73d2e7724776cd8701ff68449720c0aa398fe4f7665dabae2bd5147d42c5b6882c99f0bf1

        Download Submit

      • memory/3696-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-34-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-37-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-1233-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-4795-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3696-5240-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4416-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4416-11-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download