Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f6d039bd7b...27.exe

windows7-x64

7

f6d039bd7b...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6d039bd7b33f7ef675757690d395e8816e3b4bf22a5c05e4f78f395ccb49d27.exe

  • Size

    2.7MB

  • MD5

    1115f275e740119deecd7264e54972ac

  • SHA1

    71424f85830f6f396fc4c350fdcd189ec09bef7a

  • SHA256

    f6d039bd7b33f7ef675757690d395e8816e3b4bf22a5c05e4f78f395ccb49d27

  • SHA512

    eb558a5433af8b0d58e1b77d638f63598ce80bb4d9af5c377f2826de35b1e7cf0d609bfbc3c8d02b61a4f0b1b25b75d3e6896be69aa4bbbfb2801e2c3a7e129d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSp/4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6d039bd7b33f7ef675757690d395e8816e3b4bf22a5c05e4f78f395ccb49d27.exe
    "C:\Users\Admin\AppData\Local\Temp\f6d039bd7b33f7ef675757690d395e8816e3b4bf22a5c05e4f78f395ccb49d27.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Intelproc0V\devdobloc.exe
      C:\Intelproc0V\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZG5\optixloc.exe
    Filesize

    2.7MB

    MD5

    4cf97f57712d3f2a73fa1d35267f2239

    SHA1

    0e795d5448319606e6f76175f1dbf886772699b0

    SHA256

    c512a8d6a0e0c20427460974cafe99e41ac1977346333c008896963ff820354f

    SHA512

    ee35e9b831df3e18ede54315b275d9798c1eb40935930d9b41afd53e13a40921961add56fb5e8e9207d428e00b8b8ba4c66fbfae8e8b4b20e4392d407570cab3

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    86dcea32781e2068c7c86031ada36a90

    SHA1

    065199ff9f850db13d071dc9f18993691e946e35

    SHA256

    df97776aa95bc03773c4cca278bc26b2c5f0532ab53cec5faed938b93cb7d4b3

    SHA512

    448896cab9767a8c02f22b0019971f9c344f081b18f7d6d2aa6eb4527f419a317b3e12691ad84b630cc863d0cdc2d6d2eaf6ce630937aefaf7b806e24bad0229

    Download Submit

  • \Intelproc0V\devdobloc.exe
    Filesize

    2.7MB

    MD5

    f9a2706aae3f5e1c82879be5c3166f78

    SHA1

    b56ddf47de1818b2273c13059e10e826a17e8a4e

    SHA256

    f9701e4b6c32d5bb6f1ade59e310da84034708b1f6dd4f16ee288c986f7e505b

    SHA512

    68bf972b9517c928b42b210028e92fc5ff0bbca186ab6a2e13b43e5cb85ba25c493b9b793e0ae0257fe32ef66150581ce9b740154bc8a4d1e85e6ac879580782

    Download Submit