Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/04/2024, 21:46

General

  • Target

    4c3fb44d8667a193d01add2c60cc6f8b9dbaaaf673b16628b0d9ff69c7301770.exe

  • Size

    4.1MB

  • MD5

    f2e730e1833d5c1f28eeb06f647e1bd4

  • SHA1

    684449943fc82ce2debb1d58dd9e8f12257dfe57

  • SHA256

    4c3fb44d8667a193d01add2c60cc6f8b9dbaaaf673b16628b0d9ff69c7301770

  • SHA512

    b29f9048ba7a6346889ba027139a5cd60d4af5874033f1eb408cf5178fe2042b75e0e3d1a97ae574b12f34a519508ee378c797ea5ada63c0fa43b6218d1972a9

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpi4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm95n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c3fb44d8667a193d01add2c60cc6f8b9dbaaaf673b16628b0d9ff69c7301770.exe
    "C:\Users\Admin\AppData\Local\Temp\4c3fb44d8667a193d01add2c60cc6f8b9dbaaaf673b16628b0d9ff69c7301770.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\SysDrvYQ\devbodec.exe
      C:\SysDrvYQ\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ9E\optidevsys.exe

    Filesize

    4.1MB

    MD5

    e80139e2da4286c20459a55be22a8a45

    SHA1

    d0a2c5980c8f111d375d453f913fc30a9ba4377e

    SHA256

    5195f77f652a9ed5334501967011d20a10420c76a6f8ec82de1a0ffa147de164

    SHA512

    c7fa88952a7b9c3e15d79dad084c94bc4f34fcef955519d6de7fc77844226945af4f9e834d1ec1073b672aac5041254a244b6bea260b89c1901fa1e3b03400c5

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    208B

    MD5

    5f30248496e4d95f86a1ba31ea4cbce4

    SHA1

    6c0ed5b0d9c29a05dc343783e6b2476b51f09d73

    SHA256

    604ea0c745f356aca1652cf77fd7fc5ee0b75eb140f9595adb8fda54cb81b178

    SHA512

    e12f59da12d5fb1324c851fda71057635014468ad5f21c69020c6039277eba65fe9f4425e50210205e832703188da8200d88ab4d106bb52a2ef1b22a49bbead7

  • \SysDrvYQ\devbodec.exe

    Filesize

    4.1MB

    MD5

    75dfead1aeb27747e90811f53e7107d4

    SHA1

    ff9d36e0bd6edef6f786511fec51e465968092c0

    SHA256

    6e5d06276fa21e090c84192ffce7673ac986aa43328a5d692179210ae31e260e

    SHA512

    636492886751aa819de1a1b54caa1e72f217bbba61382be737db831cb7f2be34592793595fc5797aa2ed55a1f677e905870f5951bb487f4371978a7bb7c86b45