Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 19:28

General

  • Target

    33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe

  • Size

    160KB

  • MD5

    0ec51b9dd23acc5d4de0cbff6e7725b2

  • SHA1

    5a7e4a6dff4875097306b1b097c07c81f64c7654

  • SHA256

    33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056

  • SHA512

    1d3c2e883bae8057da9d018add7fb514f7f1579bda760eb833de5ecbe02cb9bd4ba73cd9df81c035f8cd99b1ee00e7c88ca697f8cddcd090604311d39d3906e8

  • SSDEEP

    3072:pTgkuJVLi99djmMGWBgh1002J8emEu3T7TO+9Z9sTOVrZzxVxU:LuJKYWBW1Wu3rOOuOVr8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Executes dropped EXE
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
      "C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$aB6A2.bat
        3⤵
        • Deletes itself
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2236
        • C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
          "C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:2740
      • C:\Windows\Logo1_.exe
        C:\Windows\Logo1_.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2320
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2264
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

    Filesize

    254KB

    MD5

    e07b271414d7901d4be3fef46b6234ad

    SHA1

    383c79a26054fb1d00f931222e5f7fd7cdc2987b

    SHA256

    84bb3d64de9f9a1c3b1c2359204a1986fdbe17ef226274213bb17fbf0ca2198c

    SHA512

    d989a243a0c6e0f1fa1e562f49be1263fd2d7962f289d4a0108f046ef6f2cd87b262a4b2fbd4a94be3f9e39ac656b402f8d8aa40600db3ee02b24cf0d78e08e3

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

    Filesize

    474KB

    MD5

    6eabc463f8025a7e6e65f38cba22f126

    SHA1

    3e430ee5ec01c5509ed750b88d3473e7990dfe95

    SHA256

    cc8da3ecd355b519d81415d279ed037c725ba221bf323d250aa92ee2b2b88ca7

    SHA512

    c8fde7026ac8633403bbefee4b044457184388fb7343d8c46f5f7f272724227976bf485ea91da49e2a85dd0cfb73f260ac705d8007333dd3e5539fe5ed67e3ab

  • C:\Users\Admin\AppData\Local\Temp\$$aB6A2.bat

    Filesize

    722B

    MD5

    599dbb550286ea5cc2df67776fa287b5

    SHA1

    3f8e985e3ea967d54e1673da576b82f12a9856e2

    SHA256

    71dab3702fe8aaedd8de02f9245ef5fe99c932318ff4b1999746fd65cfb72d6b

    SHA512

    2aeb75bf1561acd083433e5bfdc212faa6eadfae0abfba0dca17e67dce8a95d41ead2664af57c80580282f778dab1293bd2b8bdad479a10e6ca2dec76a70a247

  • C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe.exe

    Filesize

    131KB

    MD5

    16438a96a8adb85472ca72da04701b29

    SHA1

    b1f5ee8bc083804de4de820255107f6541c84735

    SHA256

    9291cd97d2f1b119438f16e97ea75119f19fd959ec5414e84b337530d692e289

    SHA512

    58f659a29cb34245a261b7666b1cda4b76f2df1039f3713dda6ff5a97c33b4cc273b110d10b4131a6a5c13897efcfa9a5ef3031e0e5fb14db1adc0ac1ef25dcd

  • C:\Windows\rundl132.exe

    Filesize

    29KB

    MD5

    266614ad6b767347ec5a54a3d233d117

    SHA1

    df820e937b640d5c87ed87cae5b472ced3ae380d

    SHA256

    4fce448ab6e2fe63c7fb3ace3da1099037eb8d73ffb6484f90660778ee13b086

    SHA512

    d7d506be66ee98edaa6a1e82fdffafab7d7654ce45f214d8ce1eb4bafcd67df46fd5fa4533632e6ea8b1be1406cc42d2584909eea454c07a22726a19257c7bed

  • F:\$RECYCLE.BIN\S-1-5-21-2872745919-2748461613-2989606286-1000\_desktop.ini

    Filesize

    9B

    MD5

    82fa69b12ac2df558c85e86426eb13eb

    SHA1

    ad90b8756e3bebe04450f6950419c761844d7b7e

    SHA256

    f7622a3740b818722e46a36b5aeb1c0ba6bec25bec811e3dcfe0b5ba1d728775

    SHA512

    3c4da39d3b0d68ade3ff8ded69bf1e78a1ef88f7ed70c85572ae06e6be78155ffc2f557f577208e579191be2d8be2a1fa833b9ca74a35bb69cf9c32c23f4d99f

  • memory/1112-31-0x0000000002590000-0x0000000002591000-memory.dmp

    Filesize

    4KB

  • memory/2320-541-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-33-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-42-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-48-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-95-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-100-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-1877-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-3337-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2320-18-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2672-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2672-16-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2740-35-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

  • memory/2740-28-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB