Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a954688fa4...36.exe

windows7-x64

7

a954688fa4...36.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/04/2024, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a954688fa4b5764877fb0b28e24579587c310fd2d85a3e3d8a8967ab02678e36.exe

  • Size

    4.1MB

  • MD5

    878a02e17c2d5d0d091e438f3a29224c

  • SHA1

    5cfaf5b071625e825145fb92f7f0b55492fd7cd6

  • SHA256

    a954688fa4b5764877fb0b28e24579587c310fd2d85a3e3d8a8967ab02678e36

  • SHA512

    617cf9727a8c3c1022ec19e53043214bd59bb58de3794c30efea5bc0972a8ed79d1ff621128ae2814baaea56c4d15e44b0a10dbd1004ca833459ba47970d095a

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpF4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmq5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a954688fa4b5764877fb0b28e24579587c310fd2d85a3e3d8a8967ab02678e36.exe
    "C:\Users\Admin\AppData\Local\Temp\a954688fa4b5764877fb0b28e24579587c310fd2d85a3e3d8a8967ab02678e36.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\SysDrv22\devoptiloc.exe
      C:\SysDrv22\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBHD\bodasys.exe
    Filesize

    4.1MB

    MD5

    ef4e213fb4e12503fd539b796aaa7b4b

    SHA1

    08ab526b3171cdcac130b8ddf7ab4d1b806905b5

    SHA256

    d44d281fd195932169e2a862730633a1554a9cac75e4616ec66908bf403d785c

    SHA512

    c2367639145f03e722fea37ae0ae436abd4bc866ee1590af73d916b78261ddd0b8d81c783f75d0ab5bb58f03b537241639285091beee8ce19b15ffe253640564

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    29f543cb79c148284847ea7169f817c5

    SHA1

    77412f9b3f3b22fbe0f5e7b598c5d402a53597bf

    SHA256

    08b427b52137419bcaa5499db5b47e16c291d536eda961870537f1ba9f14f69d

    SHA512

    7d0d1273c660aa839f51598bbebc0a9749e3eb6b9381052c4494734cb7e4ee70101704e6d73a895185d7cf0417122fe8dd70dcb986e27c7f8af6225927e9c93e

    Download Submit

  • \SysDrv22\devoptiloc.exe
    Filesize

    4.1MB

    MD5

    6bbe760829a2fcbd8742805595badd32

    SHA1

    4ac185974a0484d63346cbb558dafd6b4dc42bbb

    SHA256

    fd9ee4acd17d1da19e4af77274bf86a488b0e4c4470aaf36a739242bab71bcea

    SHA512

    a6e4a5752ca92e824ef98682ddb649062815a5fd616ca8b5bc31ecbd70c46563f34646608c92012747c03786ef35ecdd0c9a6b1a7eb39b7fc4cc7f63d3c5e755

    Download Submit