Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7f0532e317...a6.exe

windows7-x64

7

7f0532e317...a6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6.exe

  • Size

    694KB

  • MD5

    2631cc61a8502963ea8782a366641b2b

  • SHA1

    2118f3a9cfa867276af640a639eae097f57c6965

  • SHA256

    7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6

  • SHA512

    dde8a6affac62da52dd7eb130b57fe93794b9331fe6f9576c04ace8ab3c25ea19b80faa6a31eb7927873b792de5b596efa561cf53f02dc2315c83dc07d026840

  • SSDEEP

    12288:K7+TNcKAEJ6RLtx4c8PF39A55nJTuxGfqseVF+J92QpCgGy9RTPq6xy3NhYhYUnK:K7uNcKAEJ6Rpx4c8PF39A55nJMGfqse3

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6.exe
        "C:\Users\Admin\AppData\Local\Temp\7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1740
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aE57F.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2712
          • C:\Users\Admin\AppData\Local\Temp\7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6.exe
            "C:\Users\Admin\AppData\Local\Temp\7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2604
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2668
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2720
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      251KB

      MD5

      1710cf6c27788c8fdae00c38ba6b2b6a

      SHA1

      d8f66b28b6394359802538bac6e631775944ad98

      SHA256

      99b89c9448a3f4c968a92c9df9a3a653144f6cf5b33679a2c56f9f104a3eb4f5

      SHA512

      535dbfa4112e4c11a6e6c304d45e18f0058b290248996cc839f2816c7cc6fd48f1076200d2ce6a8167351384aeb846b952d0199923670e8dfe87317688e42c4f

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      471KB

      MD5

      4cfdb20b04aa239d6f9e83084d5d0a77

      SHA1

      f22863e04cc1fd4435f785993ede165bd8245ac6

      SHA256

      30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

      SHA512

      35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aE57F.bat
      Filesize

      722B

      MD5

      cdd5003873cdea42067252420e681c9e

      SHA1

      408826e983a903a97286e6542932478173c501f4

      SHA256

      f0c5ddf66cbeb61b5fe01076c5cf35a1628067ac0cb4b26fb4d09ca249b39ec2

      SHA512

      d25d75f2d819eeb67b69b947d7156ffe3e9997397469e400a845e0b894670cadfac2a4c3952e60d76d3921e5aad0b857e798d971ef60a7ff9c7bb7dafd973d19

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7f0532e31738e042bc42c63b19d2a6660bb62e684c3c2ebe09aa162d19234da6.exe.exe
      Filesize

      667KB

      MD5

      1611f32d75807a5902e1b63b94fc3c1c

      SHA1

      4b46b4d1ec8f5ea453367f5d7e3ed28265c894bd

      SHA256

      5e32c717f224489d63a8e91729a24a29f5bcfbdb8f299cd2c4f13f8606166f8a

      SHA512

      8d9e3c99fe3da058be4a04be6d4522454810ce2e0b05dc8ec63ea2b8b422cdb57107f30c80bb12dc39250e957823dcd98508087581507d81ad2abbb9796ce13e

      Download Submit

    • C:\Windows\rundl132.exe
      Filesize

      26KB

      MD5

      7abd02dcc99ac564591c6d671469d226

      SHA1

      9138a0572b4a24df05eafd110bb951fec6d7d567

      SHA256

      d0ddcb7aa3267af033685eaf85453a27fef494460499c42b58ad06edfadbf408

      SHA512

      06c8302cb301043d708c3f93eabfef90abbedb0cfb2e4f799b3dab12ee8d6c852eb5c63b51ecc7054e99007fb0ef471adf1c6d7dde939e561625fc424178a191

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-312935884-697965778-3955649944-1000\_desktop.ini
      Filesize

      9B

      MD5

      e02899454c67c7d6d1af854fdcb53b67

      SHA1

      26fb213f7c299c2a4d8c4afd234ee0b751d7a30e

      SHA256

      0e67e90646d3ba7b46f935b205c9f89e8bff2dca7aeda3cd5dfb93868b262315

      SHA512

      e1519bebf62ab4cb28e630a201312812e04f815ec0663f7b68b478da97c0bf7c7c2238a8632540d3d1f37acbe83919fb198b39ebeb222c19faa2130ab65ffffa

      Download Submit

    • memory/1212-33-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1740-16-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1740-0-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2604-38-0x0000000000400000-0x000000000047D000-memory.dmp

      Filesize

      500KB

      Download

    • memory/2604-31-0x0000000000400000-0x000000000047D000-memory.dmp

      Filesize

      500KB

      Download

    • memory/2668-35-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-45-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-53-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-101-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-109-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-765-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-1889-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-3351-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2668-18-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2712-36-0x0000000000130000-0x00000000001AD000-memory.dmp

      Filesize

      500KB

      Download

    • memory/2712-28-0x0000000000130000-0x00000000001AD000-memory.dmp

      Filesize

      500KB

      Download

    • memory/2712-29-0x0000000000130000-0x00000000001AD000-memory.dmp

      Filesize

      500KB

      Download