Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

88dac73483...43.exe

windows7-x64

7

88dac73483...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043.exe

  • Size

    662KB

  • MD5

    d3636521f0f525ed88f067d7849e253c

  • SHA1

    789f2e146a56831644746fe5fc4bd167fcb0a45d

  • SHA256

    88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043

  • SHA512

    71266e45df533732514ef54fb83cd957baef9ca71180ec379f3b2764239255f4ac152aebdae1fed7892f1af225f08db6f8081afbfb55343d0819354f29ee2dd9

  • SSDEEP

    6144:duJpC9LRU0ySj14WH+JPb7uL8zRMnJjNhAp7SO8zRMnJjNhAp7S8FRcdEKFVAh7f:RPFlTz

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043.exe
        "C:\Users\Admin\AppData\Local\Temp\88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2252
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a4CE8.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2752
          • C:\Users\Admin\AppData\Local\Temp\88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043.exe
            "C:\Users\Admin\AppData\Local\Temp\88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043.exe"
            4⤵
            • Executes dropped EXE
            PID:2876
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2772
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3068
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      254KB

      MD5

      8691ceb35086010047b7eb76d369f82f

      SHA1

      b5c4d1c0175d123b216659b35ad50b9d1b176b79

      SHA256

      4dd2da58f091a1232d3fec2ca607982fdf839c13d52c73fe6e15fd54f2d044e5

      SHA512

      9bf0085573439dcebdab3e99dfa42970438d2f04fcc68af360635ed7cb38079882dbf6b684510b67b411584cd263f2654532fc7776306dd98b192f6ac4059de0

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      474KB

      MD5

      6eabc463f8025a7e6e65f38cba22f126

      SHA1

      3e430ee5ec01c5509ed750b88d3473e7990dfe95

      SHA256

      cc8da3ecd355b519d81415d279ed037c725ba221bf323d250aa92ee2b2b88ca7

      SHA512

      c8fde7026ac8633403bbefee4b044457184388fb7343d8c46f5f7f272724227976bf485ea91da49e2a85dd0cfb73f260ac705d8007333dd3e5539fe5ed67e3ab

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a4CE8.bat
      Filesize

      722B

      MD5

      3aaeb86a54b004bdc564358ecd3bd476

      SHA1

      aba4efd1f886083adb75e32916b043b1027e6388

      SHA256

      6f9e00e1c63028a7a4998b629afdad0b80936be17c5b9fba8d175eca71c3b42e

      SHA512

      c51ef77949e1c7a75868189f261112ae4a0c482af75824372b422816348a5dbbb4410535fa175ede69e51b16f3cb3d5de578fc31f7c9983cf438f0e41b248f70

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\88dac7348311960b99e3bc957b60bd0dd69918dc10b29c2bfb8165598a409043.exe.exe
      Filesize

      633KB

      MD5

      2e0d056ad62b6ef87a091003714fd512

      SHA1

      73150bddb5671c36413d9fbc94a668f132a2edc5

      SHA256

      cb83f04591cc1d602e650dd5c12f4470cf21b04328477bd6a52081f37c04bd7c

      SHA512

      b8e920f8b7547aec6f5771e3e6119b01157e5e36a92c67142b0d73ffe0d501d933581e1fc752e5bba9ce819e3897be9c146bebfc0018e91318b0c99d188a2580

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      29KB

      MD5

      208452b7e09eaf8db2d52b273802185a

      SHA1

      566559b990e1c374db142c5da3037deb97bda61d

      SHA256

      7393c04c0a78bfdf128e728b94cb18c9f0056a9d3da6c4944368debbef68234e

      SHA512

      3880ac1f9ea1e4e510057764927e29497b95df2734fcda61e667e0a9164397874968a59853a60ec2bc52de97d98bd16253d0bf2474f855fd3805d19851d685ea

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-3551809350-4263495960-1443967649-1000\_desktop.ini
      Filesize

      9B

      MD5

      e2a14c19421b289cbd51a76363b166bd

      SHA1

      5d0621d68da5a444f49c090b0725c7044d47fdb7

      SHA256

      844af243be560dc4e478aa7ea28f4959f9df45f204006bade7ae52398d651835

      SHA512

      8c49bec05605c4d2b8f07f00a7a39e70f5bd4f7c84ba221c615447f947053bf3bb0496c38e2bf8b15235c493cc5a0b41f34285fed1adb4c13572f25b67e178e5

      Download Submit

    • memory/1204-30-0x0000000002870000-0x0000000002871000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2252-18-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2252-17-0x0000000000270000-0x00000000002A6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2252-12-0x0000000000270000-0x00000000002A6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2252-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-32-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-91-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-98-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-360-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-1874-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-45-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-3334-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2772-39-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download