Analysis

  • max time kernel
    149s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 22:30

General

  • Target
    670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b.exe
  • Size
    2.7MB
  • MD5
    72a9e7cd60b9a950d6d09836b9181063
  • SHA1
    e87eaebe994f31a396d5a24632a2f7ffc6a1be9c
  • SHA256
    670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b
  • SHA512
    8f8a0adc94dcacade4fdb0b345eb1a490974c1fdcd359a0ee88c2e888d1cc177a179b3347174c9e878eac9ac72b8cea4aed8596b56d0da11cdb7ef4486d44a20
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSpj4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b.exe
    "C:\Users\Admin\AppData\Local\Temp\670bc6661add51a8397a563dabf37b3056037b073d473bba1fae68cf2a71573b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\IntelprocEC\devoptisys.exe
      C:\IntelprocEC\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4280

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocEC\devoptisys.exe
    Filesize
    2.7MB
    MD5
    5fa72fe32f0be437655fffee64838455
    SHA1
    3f03c8aaa1c5ac0be8826aa278271bff79c3e172
    SHA256
    60e934f686d8b8ff0f5c7eceeec403f728d37bd9b5792688339e8fa5ae3178b4
    SHA512
    26175dd09d90e7e7cb2f75ef3005837a1a9f05190941ebd44cdc2fa6359ac742a04b03f5ddc99407dc40945a83ed4eb9801870a435a5cb4dc1a46bbab62097b7

  • C:\KaVBIO\dobdevloc.exe
    Filesize
    1.6MB
    MD5
    5804b7d4cdc77efbb29a02ff5f1d4887
    SHA1
    4927e58787f6319b41c344ce1cb31d66b5e9859d
    SHA256
    384a0498d57307191ff93a4e535a4f406e3b29d213816ee8fa44fbb4dd485705
    SHA512
    24e5fdf0e4111bf4915294e30c37414a73b3475e88a7f512246c7a692afb2f552c6d850e7d6806eea3fb96db7d41ea29bd2defee2f255a19d73a99c89d61c7e6

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    210B
    MD5
    a92ae43874333706f747bf37b1d498d9
    SHA1
    d395d6322a82b664660b8290e9ce74a5c42664ad
    SHA256
    97486733c57012455ed6dcaf1355eb2cb8bb41c919af5d74b19419c12a500d01
    SHA512
    2f4698873aa2153aaf8d7dacb8217f3399c09c051068e3c42cb1f7b63eae055b00a9e2ce6454114780983b2006b6993ebf091f1934d0d579207b5d88c118ce2b