Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7124121e53...0d.exe

windows7-x64

7

7124121e53...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7124121e5367139bb98a250b634bf65327fd3f4df354b202e07637ded7f0bd0d.exe

  • Size

    340KB

  • MD5

    ba1555c2c80849921f06654f22d1349a

  • SHA1

    8bdf38f63979bc8b78bab7089557398e15372dcc

  • SHA256

    7124121e5367139bb98a250b634bf65327fd3f4df354b202e07637ded7f0bd0d

  • SHA512

    c1afa6894d444a99cecb7ba34aa1233b85960e271a268324b6333f1df9a0a9e52bd45f6890c821fa65e09df07565af27a7f8ac52f870cd4e105b20fc6422059a

  • SSDEEP

    6144:fFpj74Y9Pw2nPuzz2jGzRbLWzgJsesFYdgOKCOEGQVHog7s41VxzDe:9pp9oUkz2KzZC8se9djKyVH6O6

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1200
      • C:\Users\Admin\AppData\Local\Temp\7124121e5367139bb98a250b634bf65327fd3f4df354b202e07637ded7f0bd0d.exe
        "C:\Users\Admin\AppData\Local\Temp\7124121e5367139bb98a250b634bf65327fd3f4df354b202e07637ded7f0bd0d.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2316
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a898A.bat
          3⤵
          • Deletes itself
          • System Location Discovery: System Language Discovery
          PID:2164
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2820
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2840
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2856

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      252KB

      MD5

      80fe904232ff363fd974e7ba8e927756

      SHA1

      f0caf2f9d0b8ec79d37cd3879b4727a08cbd7225

      SHA256

      58fb1ef7e1d817a80ccc3f60146b05df67f5e2f2fc64b0b20fd3c4274bfccda3

      SHA512

      1977a5afd618241f40ae905bf152c0b3fb4d68b4ed088e7cbda782f68f52d6e6443d85bd816b3f8f040a7114241266cf091f2826fd78018cbbb32aaff31373c9

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      472KB

      MD5

      88eb1bca8c399bc3f46e99cdde2f047e

      SHA1

      55fafbceb011e1af2edced978686a90971bd95f2

      SHA256

      42fd78c05bc240d4ded16ac974f17c336f6ae3a1814d548021c48a942cc30428

      SHA512

      149d4de0c024e25a13a7bb17471e6f48391d4f26b1c8388672320eed1c255f84219ad7b72bbebc531ae558d5192dd4bb6d0dddd6c65a45300c8e8348a4fb3728

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a898A.bat
      Filesize

      722B

      MD5

      87c3ad16cf67200bf8234662b4d06342

      SHA1

      dc0042706649f54c2bac93ba2852cd81070db78d

      SHA256

      9667fbd574baefafa82dde5c1d75c16811ac23fe9cad446da231d18e3ec53682

      SHA512

      635c6d2d06d38596da087734346776ae2d0241faa1e52d6969473dd6e3851cba71859bcf6771cba1f1118c5a9b722ab4c2027ada0288cd7c2a325270f8d2ce3f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7124121e5367139bb98a250b634bf65327fd3f4df354b202e07637ded7f0bd0d.exe.exe
      Filesize

      313KB

      MD5

      92ae9f00c0bbcb18367fffb3dcc78327

      SHA1

      00155aac9889e95c1118792b6e62d20a43ccf969

      SHA256

      5494717e7efbba3c5e718aa9f7234ef6451455db6549edacccd36bfa4257616d

      SHA512

      300c84a6cdf79119d6dc0659028151461890df9a34fd9f8c3e483355614ca2f4bb85ef83a5673991c95b0eb5411fb4f68841cd6e224d79818ade85e902e797c6

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      27KB

      MD5

      429b669199d868949b1b209c616d9cd5

      SHA1

      ffdc6698d4a9dafba2429594cc02889dc33a8752

      SHA256

      14669ccb9df0cb4b53186454c3b4108d54b757ea7b1247348b33bf2902b1122a

      SHA512

      eb7f77f986239dde153338cac528c8bf7cbc813233ff0e1f47c9d971d5dd6651ab2ef9369f79e95576839d1b79f59850c82e0a3de987a161c8d576ccf12bb1d6

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-1846800975-3917212583-2893086201-1000\_desktop.ini
      Filesize

      9B

      MD5

      e02899454c67c7d6d1af854fdcb53b67

      SHA1

      26fb213f7c299c2a4d8c4afd234ee0b751d7a30e

      SHA256

      0e67e90646d3ba7b46f935b205c9f89e8bff2dca7aeda3cd5dfb93868b262315

      SHA512

      e1519bebf62ab4cb28e630a201312812e04f815ec0663f7b68b478da97c0bf7c7c2238a8632540d3d1f37acbe83919fb198b39ebeb222c19faa2130ab65ffffa

      Download Submit

    • memory/1200-29-0x0000000002560000-0x0000000002561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2316-17-0x00000000001B0000-0x00000000001E5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2316-0-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2316-19-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2316-12-0x00000000001B0000-0x00000000001E5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-92-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-44-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-90-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-38-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-97-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-485-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-1873-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-20-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-3333-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2820-31-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download