Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

204c7ea8b2...34.exe

windows7-x64

7

204c7ea8b2...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/04/2024, 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    204c7ea8b218b3f4b43ee77a54c1b025d0b63ec25fae32f0afa63d2023d2a134.exe

  • Size

    2.7MB

  • MD5

    f0e33ea969c2e38cec85e6a57ddde579

  • SHA1

    37a054a9c3e729d0d7c8dd9b8ce65ba6c8b9eb49

  • SHA256

    204c7ea8b218b3f4b43ee77a54c1b025d0b63ec25fae32f0afa63d2023d2a134

  • SHA512

    3c04be54546897ff1fdaa7f17d161122cc3f414ece23407edb5fd04666e17f9ca3f6a5bc17b67abf644bccf43fb98f5ca391ecae4354899ed65edde8bb2f70d6

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpM4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\204c7ea8b218b3f4b43ee77a54c1b025d0b63ec25fae32f0afa63d2023d2a134.exe
    "C:\Users\Admin\AppData\Local\Temp\204c7ea8b218b3f4b43ee77a54c1b025d0b63ec25fae32f0afa63d2023d2a134.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\IntelprocN3\devoptiec.exe
      C:\IntelprocN3\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    8ad80d481748a2220288e90db3c28244

    SHA1

    6edff7740499a576584e3ae6cff7a17615de404c

    SHA256

    f06016c87fa7014e51800f6b0ca236ecd96ba6e6f95569843c429d3e6c21e40e

    SHA512

    7a2edbd3f6fcb0958f44482d43d479163ea022667ca235f0424c2aa9df2a1b8125eba25f03a85f0e8bdfd60ae4fe9fe6f566f200fe92d95fc7765c1ec07a9abb

    Download Submit

  • C:\VidB0\boddevloc.exe
    Filesize

    2.7MB

    MD5

    c9dd81584eefba186c7cbe0ce1a4c334

    SHA1

    7cc0a2e70f087b8a9a80876de907aeb8e7504539

    SHA256

    cadfef585dc508d07b55796c94a99e922ed61c6f65862ac599abd34fe182248a

    SHA512

    364e1b6bf7c964443f4ac5b7476c62d3776dd836d7ddbf19208e0357bf0f0784d3c3d87810bc3ba40a8b4a5d30a0d006006c1137c9981dfc801ffa3cc1b20ecc

    Download Submit

  • \IntelprocN3\devoptiec.exe
    Filesize

    2.7MB

    MD5

    317ace3a00f64dec8881d616a4f3a9b5

    SHA1

    1df35d40deb17b3cb9bfdc961713102fb6b43800

    SHA256

    a6a5e958035f3c1ccc62952d3fc0452e1bff603afe2251eeb210f80e5ad0d9a2

    SHA512

    7a6de33f3cb0ecb2043839156be2069e62f9f624a58fbb74c5988e18a169c8277f863b98332f109daa30009004be677ce33213f264fac9af04ed0df7e74e97c6

    Download Submit