Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 22:30

General

  • Target

    670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b.exe

  • Size

    2.7MB

  • MD5

    72a9e7cd60b9a950d6d09836b9181063

  • SHA1

    e87eaebe994f31a396d5a24632a2f7ffc6a1be9c

  • SHA256

    670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b

  • SHA512

    8f8a0adc94dcacade4fdb0b345eb1a490974c1fdcd359a0ee88c2e888d1cc177a179b3347174c9e878eac9ac72b8cea4aed8596b56d0da11cdb7ef4486d44a20

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSpj4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b.exe
    "C:\Users\Admin\AppData\Local\Temp\670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Files2Z\devdobloc.exe
      C:\Files2Z\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2392

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\MintCY\optidevec.exe

    Filesize

    2.7MB

    MD5

    f049f316d1dcca60f5682a3c1fad11ad

    SHA1

    2cc5209b28e53e0d97c2aa2540904a5db8d9a772

    SHA256

    29d9202c78612e74cb2b5016b22ff110d526a03ac7a3aca362e1fbc52bbf30e8

    SHA512

    333d8c63373946edfc76e8f9f4d1afcc993a45431e287816a4f1a0aa03880ace89972633c8d8665ab55880714064d30cc574d4c300369096dfbf74f671bc68f0

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    384b1ea5852efea73c6cfac4f27aee40

    SHA1

    2227b5efb838fb563a8d3a6d1fe146e3b637a94d

    SHA256

    b71de1189c4897af7bd2f4f3bb32ce3fad005333b43875560722fd141e2e02b3

    SHA512

    dc24d5f81c0e8f5530ac80bb83f2143a7113bed9b78f3ada0f7e810e44ef9fc621415da656846f655aeb71dcf439f7c6e98833853c266d720b459fc98af33775

  • \Files2Z\devdobloc.exe

    Filesize

    2.7MB

    MD5

    d882df19ee641e018ef14140f76b4b8c

    SHA1

    26605a05f72c5eb2fe6c4ea17f38a79ddcc5c977

    SHA256

    2fdf388b0416b6e5c27560d4f75934991794c0a5e3931d906b5535d8ed5cc429

    SHA512

    addad9a18ebba0a618c3a4883d6ac0083622c6879e7dd42198c9e0687d7b622be2b3c28c68f74808f893ffd6e2b569e0db1e5effbd68bdc582c0d705bb1a65de