Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8784bb93b9...df.exe

windows7-x64

7

8784bb93b9...df.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf.exe

  • Size

    88KB

  • MD5

    b9844b9f674ca46f85caaab2410a8bf7

  • SHA1

    eb94964cf3b89ec303d1e317899b55a9f39d792d

  • SHA256

    8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf

  • SHA512

    a2f6c5204c983ebdd6a0fe5f02c89f37042ca69586399b1762b6e67db06ac438898593d13b9c7d44a9f58cee31ae613a8fc7ff7a1f4ad88cb72ab58850820979

  • SSDEEP

    1536:pf1d93SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:pfFkuJVL8LK4ddJMY86ipmns6S

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3436
      • C:\Users\Admin\AppData\Local\Temp\8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf.exe
        "C:\Users\Admin\AppData\Local\Temp\8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3392
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB14E.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2140
          • C:\Users\Admin\AppData\Local\Temp\8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf.exe
            "C:\Users\Admin\AppData\Local\Temp\8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf.exe"
            4⤵
            • Executes dropped EXE
            PID:3852
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3608
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1792
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2744

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
      Filesize

      247KB

      MD5

      c956a319f9e83c47efe8f30acbcab757

      SHA1

      f964d8f25a289f378a4024c3fa1f5e5c434547e8

      SHA256

      fc6f3029b993595c3371740bbc1f7efa4b17d5aca1daea44987e39f38a3025f9

      SHA512

      f66f2b06c720f27da9f6348d25cf1dd7035d87968293e72191eb005f74cf953546f7e3533f7d269dfa291c827b2efa072f5ae3134f86e4afaba6352cdc92282d

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      573KB

      MD5

      39a67a77ab1a78736038d9ae9dacd472

      SHA1

      26a271cd615916609a10d6faff8b0c50933625b3

      SHA256

      d5368cca1488205a338f6c4164ad686df03b43f22f303489eb8f079880295be4

      SHA512

      8c0da41980ae18d3bfea44dc6f2b8db6dae72356230c4496433f875e83fe84dc63dc4ee1a6f161ad7a69a53627d6d5f0e3ac7060f00adc2b3c5b5f623f9568e9

      Download Submit

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
      Filesize

      639KB

      MD5

      fd93240910d7b1f0744b83d0f7bc706a

      SHA1

      508d162f4e5c8541f6cc1389a9f83c049bf848c0

      SHA256

      3803edada5f998dc92eb477e572fb4785eb4003285dab3ad2e0bc269e7ff2152

      SHA512

      d6f65e92a7afddd3e1879449a64943daeaa435fa217f386f7bee28a602a091998bf31bc29c01879228e705dcef59794c3361aa4b3417a2b653d9d40aaf764500

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aB14E.bat
      Filesize

      722B

      MD5

      ae1327c514f972f5d8f1973e849af7f0

      SHA1

      2ed26e6bfe08f82c3ee1300b436f8cb8d441b25d

      SHA256

      d61ff64942af9c5d425e0b0af6b4756d9b0c43c63a58b87c40c5db0239dbabda

      SHA512

      e2979af38e0a6fe7a6d076d7a7ce9a9b1112c1e994d1ec642f4fa615e72e4dbc6f825906956f3d9ef4c5800e87f436de9f87599f806ad1c6728c4df14b084b63

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\8784bb93b9c1e49191218d6c0193778dc69a4028e4cef3071ba5020b2747cddf.exe.exe
      Filesize

      59KB

      MD5

      dfc18f7068913dde25742b856788d7ca

      SHA1

      cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

      SHA256

      ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

      SHA512

      d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      29KB

      MD5

      44e459665555aa71b27739a4c8e0ce2e

      SHA1

      a356a45529a77684280cab95f9658263facadedc

      SHA256

      791918b0fdd6d93878a051a648a2d60d04f2e12fb5428d138dcc2b63fbf94c13

      SHA512

      ede586c602defafd40a4507989f664d3345a5b0b2172251e10f84d87e44ee56b9546e04c7f7aeb621d72be7714de56f01ca06c0cf266938165d3408cc92969b7

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-4182098368-2521458979-3782681353-1000\_desktop.ini
      Filesize

      9B

      MD5

      79a2fb76ad00a8ac07f11b6a179f5297

      SHA1

      72b4f589fd7945d8c80b370d1d3a1f2467f3eb81

      SHA256

      2f723e98c3a3556269a4d81d4a27d6a0ab13a84c5ba737493c07354a2608684f

      SHA512

      3a21c2e60e8e035fb90d428e86bb927077d8354a16f1abc291ccba4a4d7fee4f51cf781fa9202e5602a88ca70a6ba264ac49762100be5f6e09a2ec930e098168

      Download Submit

    • memory/3392-9-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3392-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-27-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-37-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-33-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-1233-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-20-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-4792-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-11-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3608-5237-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download