Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

df47f20682...c3.exe

windows7-x64

7

df47f20682...c3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3.exe

  • Size

    56KB

  • MD5

    2565a933c9f2dcd7157e6860263d00e2

  • SHA1

    d6c06d875cc84b43aa4641d7a564232c61d077ef

  • SHA256

    df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3

  • SHA512

    b0e59f6f68a4fca76545fa8361868ec05992f94878fa6de4a7ff64fd4ac104810b8aa431949a6e8165d72a6f5706e35140813ed22af0064031cf36859f8e8faf

  • SSDEEP

    768:p4L16GVRu1yK9fMnJG2V9dHS8+L/QasvFEpYinAMxklal9qYi2lauAMxkEq:p4h3SHuJV9NqL/Uve7Hxaio7YZxG

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1360
      • C:\Users\Admin\AppData\Local\Temp\df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3.exe
        "C:\Users\Admin\AppData\Local\Temp\df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2476
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aF892.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2376
          • C:\Users\Admin\AppData\Local\Temp\df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3.exe
            "C:\Users\Admin\AppData\Local\Temp\df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2740
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2716
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2736
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2532

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      254KB

      MD5

      9321380fe6fc781a717232be48efc4a8

      SHA1

      d83a59fce89a59517700cd3b4c425dc82fd1edb8

      SHA256

      4fe5b9527b45400d8540a2e10997d27042b573e45ac23b1ef3e512928c6defb6

      SHA512

      5549db64303ab04bff844a8ad157a57c3c298c09871b74c3eb2caa6dcc1c859ff96c2b23deff2c5ca70ba688e17e1719780294d2baa5e9abbace19fad0429843

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      474KB

      MD5

      a3df96290a8e846cd9875eb80404f85d

      SHA1

      6cc49cf230cac2ccc1f90a54ec40a5a4b1f32ce4

      SHA256

      332869a7b38c3725d9f888a10ddfb9bebc5820cab8882053454fa42430514c6d

      SHA512

      eb8b9edbee01a67008d0c4128ee0cdbbcc54a9faf60c72c8cc3b26f497a11f1b5774812968ceb68ea46607a9b5e674ca2638d7368c2255cf584a9ef7c86553e6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aF892.bat
      Filesize

      722B

      MD5

      585af02b903f8541450667b0f9aef347

      SHA1

      823e4fd18feb1124bbaba5e9b9418d719d8fb7d0

      SHA256

      d8030fda0707ef31942a95148cd0fc94377fe394b99b8f03d38b4609b0fd4d0b

      SHA512

      dbc837b0fdc3e09d642bf8734703bd558e53364ec7e904393ff524b53b34660501a5546a6bf1be61eb9948fe9cf58dce19889fa2e0add49986c71becc6a64c84

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\df47f2068248e243c5bfa0debaa97d6b5be4b47ad0c7adb00d06f270493fa5c3.exe.exe
      Filesize

      26KB

      MD5

      9e4d73e24d912baa6e20a98fa4f98df3

      SHA1

      965fbbbaa4156dcb5c6391df4d245bbf94d62c0f

      SHA256

      28c6ce3582292ca5df81b9f8996369e82d489cc894cba9ed6b3e6678e67fc7f1

      SHA512

      0fc58e74c7a0773a6338c35656484f2e5682a55a9c6ca03bc479728c617afc99295a3dcb52d7d414d8f5cb9c37704886f54e26acf47a3d69ebb931ce2e3bd4f2

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      29KB

      MD5

      80fb683ec1520da982b68ed12e571fd8

      SHA1

      e6c98d2fb082b7f8c260463d7241dba097796b8e

      SHA256

      9f4c161eaba3525f1e15ffb8a23799c4ce7f918a3ee3f97ee4d51e34b6aa30d0

      SHA512

      12d3d4dcb7c1ae451376609e0e1d27649229a00b52e88b3fb6d920d994e792041e48cc0ad3107881af31b451b0396fef666b53c55a8708eeb647b69bd6f1b088

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-2212144002-1172735686-1556890956-1000\_desktop.ini
      Filesize

      9B

      MD5

      9810b812fea5407a7c6a6b912eab6de9

      SHA1

      653710a103c34c6d87e85d547de48561b1579927

      SHA256

      497dc92fb09ed6740a1e704ddf5f45daf1d330f0977aaf1142604be15753e7ef

      SHA512

      a23126d1624a391a08931a8f98ec9c26bc5bbe75de0f111bcdbf17b5bbe9bc6e748ca58e52c96fb9ea80509d5ad1c90bf1d92e472b08b2532321106ba1aca2cd

      Download Submit

    • memory/1360-32-0x00000000025B0000-0x00000000025B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2476-18-0x00000000001B0000-0x00000000001E6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2476-17-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2476-12-0x00000000001B0000-0x00000000001E6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2476-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-34-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-42-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-48-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-95-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-100-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-201-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-1877-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2716-3337-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2740-30-0x0000000000E80000-0x0000000000E88000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2740-29-0x0000000073F9E000-0x0000000073F9F000-memory.dmp

      Filesize

      4KB

      Download