Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3ace6863c8...0b.exe

windows7-x64

7

3ace6863c8...0b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ace6863c81d58befe9ea56bdb58230b.exe

  • Size

    2.7MB

  • MD5

    3ace6863c81d58befe9ea56bdb58230b

  • SHA1

    bffb460a239735ff0558a1980a6c4ed9d06f30e9

  • SHA256

    519f62e5f0b5d7a84c11293dda4cc6b1ca8754da2ae8acbcb071ac3c504df158

  • SHA512

    5fc70f284c28e39eaf03572840c1634991b60b0c254d5cd6760a2f0f920169c5bb0ed9a219a328f0babec074a87859e774b1f5c8a588910cb9f659851f2084ee

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpk4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ace6863c81d58befe9ea56bdb58230b.exe
    "C:\Users\Admin\AppData\Local\Temp\3ace6863c81d58befe9ea56bdb58230b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2608
    • C:\IntelprocY7\devoptisys.exe
      C:\IntelprocY7\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocY7\devoptisys.exe
    Filesize

    2.7MB

    MD5

    ff2b5d1398c76fa06140ca0108248b54

    SHA1

    848b2955191ed28942300e4a374afadbca747223

    SHA256

    01fecc8d52b1852c08ffca3064eefe439f6a54b5a6e35456c644737fa6062361

    SHA512

    ecf9e44cf79a4357bae6a074b50eda311fc1529273dce476dbe4477ad30c6ab7c6075faf76a16d6cbaed7bd82b3d04f9c5aa47628b510fd3f759d5ada8043142

    Download Submit

  • C:\MintND\dobxec.exe
    Filesize

    121KB

    MD5

    8a15d9ca21773f1b87580a7fc4c7cdce

    SHA1

    70bbe40551a5a2b22e1eb2c3100bd9c5cbb1fa29

    SHA256

    9de4ca6e37cde8f6b9ee8109b31d08160372503a0dc7413a17731fd66ec6a67b

    SHA512

    b5d7deebe3bd625cd4066dbb2b81ee082e57a05ee7c92e9d43fc1cd94b49c6d398fa0e954d9df48fbeb5ff744c5e9eb3e4e4d5fb45eb067effe7619765c37d35

    Download Submit

  • C:\MintND\dobxec.exe
    Filesize

    2.7MB

    MD5

    9accc9e250e6602eca8a8f4210525d20

    SHA1

    75ac271dd212bd8f7e398280ea22867836ba4d2e

    SHA256

    4f9937c7d1e57dfc1d9825f6ef42ffedd92a35560759f73d1d6222e5e8bd5f4d

    SHA512

    c1582346ff2d544201f4dcabdcc7f45b86d354cebcdb49db9c69ca8b6bc95b6d33b7a4886896553fcb7b80ace0425ee9302ece6758936b2ce4bf03e3f05f6888

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    d85a3e9b82c116ee53aabe5a6233f62e

    SHA1

    8b07915891177874b3de8e8d5080938b25896d78

    SHA256

    6fed4bc845ae40aaea7aadaf03e7ec593c643ff9465a21beeb34a59b2fa43ca6

    SHA512

    126b0b75e9b25b49c6da5e58bd0b2788cc1a464f860e4f66bfa9c1b27002e7ac8c0c2e8247b55469a67510871ecdc9b8bba91ab9cb3c34707e6c90971876356d

    Download Submit