Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fec54214be...ae.exe

windows7-x64

7

fec54214be...ae.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/09/2024, 01:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae.exe

  • Size

    227KB

  • MD5

    e44b50e764edadbefeefabd02d651c9d

  • SHA1

    23a19c728f3833545ecd22d1a6621f39a9f8d2b9

  • SHA256

    fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae

  • SHA512

    24c9079e4a37b3c8f6e86fae272fb552ed6e4831c427b0c1b3f0d998e30c548466b5a5339dd91cde35a8005267e1de1e457e960b3eedf18ff57047059486ffc1

  • SSDEEP

    3072:p/kuJVLUdeKzC/lzMPySe8DnpeIPipoHbKvXWXz9LRnsaJUS+6wPXD3fxNW7gq5n:yuJWdeKzC/leySe8AIqpoHbnDns1ND9m

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3436
      • C:\Users\Admin\AppData\Local\Temp\fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae.exe
        "C:\Users\Admin\AppData\Local\Temp\fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4476
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB110.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1676
          • C:\Users\Admin\AppData\Local\Temp\fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae.exe
            "C:\Users\Admin\AppData\Local\Temp\fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae.exe"
            4⤵
            • Executes dropped EXE
            PID:2424
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4672
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3988
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:4344

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      573KB

      MD5

      49b11dfde0edb07ec3623eb5e56b7b9b

      SHA1

      0df07e430ddd168223870a73c3802b26185ba067

      SHA256

      2ec59fe1761b216c185b023d1b3f4c46baa8d8e8536891a0c7ecb3023d97990a

      SHA512

      7487a05416c60d09285d21c4569fdbe45b13c5f945966264c9aefd5d4c7ca1de44ae2d8ef518f7d5312307914aba756b03f87440db6f131afcc9c0a2dbdd98d6

      Download Submit

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
      Filesize

      639KB

      MD5

      c8d281da4c32df16eef470c27c8cb459

      SHA1

      00efc9f6844bfaa37c264b6452c6a7356638ab10

      SHA256

      058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

      SHA512

      e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aB110.bat
      Filesize

      722B

      MD5

      7c789813d7bbf71351ddaa427822cda9

      SHA1

      09127c6516489fc22b9314df6019760087b653bd

      SHA256

      530dbefaa473af45a4e555c9f93a6bc6fc3a1ef7e713dabd990c9f2de41da94a

      SHA512

      d829ee3de4d9764668cb5f5f1f0ddd7b4210a4db8d6f151c371dd91c1ce397bfda4c473b8cc947e15e537a9427a19126952bc217b86ae3d6d9d9b3b5af7c467d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\fec54214beea7d09d0ccfaba712c320cb86bce6095e351d0d90787005c4dbeae.exe.exe
      Filesize

      198KB

      MD5

      e133c2d85cff4edd7fe8e8f0f8be6cdb

      SHA1

      b8269209ebb6fe44bc50dab35f97b0ae244701b4

      SHA256

      6c5e7d9c81a409e67c143cd3aed33bddc3967fa4c9ab3b98560b7d3bf57d093d

      SHA512

      701b7d1c7e154519d77043f7de09d60c1ff76c95f820fc1c9afca19724efb0847d646686053354156fd4e8a9dab1f29a79d3223f939a3ff1b3613770dc8603b1

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      29KB

      MD5

      0a22c1ea4b867a82271e2173bbb7ccfb

      SHA1

      cae0f4ee49b426c3eefe5af8da008be2d09e2b6d

      SHA256

      e01d2dfa8289fb6d4483e18e8f3f8eecea75b783e401908c227f87078195eddf

      SHA512

      b940cb99532fb7830dcd6f6b52fd933ca1431b21b4233703c48013fb612246300029b725aecfcfae33879581d59e6f5f7c033db084c65e848c4b8b5c97cb2e77

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-4182098368-2521458979-3782681353-1000\_desktop.ini
      Filesize

      8B

      MD5

      646a1be8fae9210cfba53ee1aab14c96

      SHA1

      8677ff347131a9c8304f10b48012ebd8b075030c

      SHA256

      660d57a3dc71884e70a9cbd6ca26d02872f4706abeb098c6d35f6b217462edf5

      SHA512

      812b716a422628d486a4c78c66a85c641f13976537fbd452e14fab9a6c440b442632df04de8437c485c9c8164e3b3499201d3dbe681b36fe6bec749df1ab75e4

      Download Submit

    • memory/4476-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4476-10-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-27-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-33-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-37-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-20-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-611-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-1234-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-4792-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-13-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4672-5237-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download