
Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:23

General

  • Target

    efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe

  • Size

    2.7MB

  • MD5

    886ebcb4b3ebccb6d9b0c66cddeb1516

  • SHA1

    86d2533a3f7ff271bec4e1a5d899d708ad28f306

  • SHA256

    efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2

  • SHA512

    7dde75e4e434e6a2a4b79665e546f7d993cfac2b602c29b4a0f4fda54167ff3562abee4afa99f0c314caadc5f7abc99d9913d48c3c946447f0411e44cd98ce63

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4S+:+R0pI/IQlUoMPdmpSpH4X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe
    "C:\Users\Admin\AppData\Local\Temp\efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe"
    PID:2204
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\UserDotGG\adobsys.exe
      C:\UserDotGG\adobsys.exe
      PID:2484
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBJL\optialoc.exe

    Filesize

    2.7MB

    MD5

    d75965096608dae1ffd8530271fdaa28

    SHA1

    545cf456e1b36ab763bf2138187eefcc48282a25

    SHA256

    cb12d2e86f3568c496b04eeb148ff4f14173527642d97e9ad5594a5735c99e68

    SHA512

    9a724eeac5ad7a5a23c0e1b4d8df25dd2711ad03f394987f839e776ca367d855816259219ce302281959b6fe0880c5aa7893c6d66c4aef5e563a179574acda06

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    a295a1512bdd46feb147689c33d1ecdf

    SHA1

    a2f6a30aadc853e37c3031eaf131438f73073076

    SHA256

    a6c87cd5d00f8384da55c4f39e418634c8bc9e2c7a591e145a4028bf3bb122dd

    SHA512

    531c3d6ac7a0e965691c7d0d8586f73a34ec6985329291cacd2487a30be1323b0248f4a052b6d1a1082056fd09ce1902a9b21b8f4d215da45afda9ac50992f55

  • \UserDotGG\adobsys.exe

    Filesize

    2.7MB

    MD5

    ea2cb56766651d3326f9fd36e3837dc2

    SHA1

    652c487924fe3f4e123c62b6f6f82d0b87ace9c3

    SHA256

    11ccb8d0bb7643a2df8a980d0f8c32ba361492780b03d796ac7c8073322fd051

    SHA512

    fba313bef9d5de6a89cea04112c7dd9b146d48063eb53662c41bf9b40f257bcf50d4ff9291431e1efbbdc4d090706cdb5ef809ca8a0d6ef74fd4e5e3199f89ce
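The three executables above (the submitted sample, C:\KaVBJL\optialoc.exe and \UserDotGG\adobsys.exe) all report the same 2.7MB size but different digests, so hash matching against this report catches only these exact copies; the Run-key persistence and the non-standard top-level directories (C:\UserDotGG\, C:\KaVBJL\) are the more durable signal. The following is an added triage helper, not part of the tria.ge report or of the sample: it embeds the digests listed above, sanity-checks them (a mistyped IoC silently matches nothing), matches a file's digests against them, and applies an autorun-path heuristic. The allow-list of top-level directories, the helper names and the constructed test bytes are this example's own assumptions.

```python
"""Offline IoC triage for the artifacts listed in this report (added example)."""
import hashlib
from pathlib import PureWindowsPath

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests copied from the General and Downloads sections of the report.
REPORT_IOCS = {
    "efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe": {
        "md5": "886ebcb4b3ebccb6d9b0c66cddeb1516",
        "sha1": "86d2533a3f7ff271bec4e1a5d899d708ad28f306",
        "sha256": "efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2",
        "sha512": "7dde75e4e434e6a2a4b79665e546f7d993cfac2b602c29b4a0f4fda54167ff3562abee4afa99f0c314caadc5f7abc99d9913d48c3c946447f0411e44cd98ce63",
    },
    r"C:\KaVBJL\optialoc.exe": {
        "md5": "d75965096608dae1ffd8530271fdaa28",
        "sha1": "545cf456e1b36ab763bf2138187eefcc48282a25",
        "sha256": "cb12d2e86f3568c496b04eeb148ff4f14173527642d97e9ad5594a5735c99e68",
        "sha512": "9a724eeac5ad7a5a23c0e1b4d8df25dd2711ad03f394987f839e776ca367d855816259219ce302281959b6fe0880c5aa7893c6d66c4aef5e563a179574acda06",
    },
    r"C:\Users\Admin\253086396416_6.1_Admin.ini": {
        "md5": "a295a1512bdd46feb147689c33d1ecdf",
        "sha1": "a2f6a30aadc853e37c3031eaf131438f73073076",
        "sha256": "a6c87cd5d00f8384da55c4f39e418634c8bc9e2c7a591e145a4028bf3bb122dd",
        "sha512": "531c3d6ac7a0e965691c7d0d8586f73a34ec6985329291cacd2487a30be1323b0248f4a052b6d1a1082056fd09ce1902a9b21b8f4d215da45afda9ac50992f55",
    },
    r"\UserDotGG\adobsys.exe": {
        "md5": "ea2cb56766651d3326f9fd36e3837dc2",
        "sha1": "652c487924fe3f4e123c62b6f6f82d0b87ace9c3",
        "sha256": "11ccb8d0bb7643a2df8a980d0f8c32ba361492780b03d796ac7c8073322fd051",
        "sha512": "fba313bef9d5de6a89cea04112c7dd9b146d48063eb53662c41bf9b40f257bcf50d4ff9291431e1efbbdc4d090706cdb5ef809ca8a0d6ef74fd4e5e3199f89ce",
    },
}


def validate_iocs(iocs=REPORT_IOCS):
    """(artifact, algorithm) pairs whose digest is not hex of the expected length.

    Run this before loading the list into a blocklist: a truncated or
    mistyped digest never matches anything and fails silently.
    """
    bad = []
    for name, known in iocs.items():
        for alg, value in known.items():
            well_formed = len(value) == HEX_LEN[alg] and all(
                c in "0123456789abcdef" for c in value.lower())
            if not well_formed:
                bad.append((name, alg))
    return bad


def digests(data: bytes) -> dict:
    """All four report digests for an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path) -> dict:
    """Same as digests() but streamed, so multi-MB droppers are not read at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(observed: dict, iocs=REPORT_IOCS) -> list:
    """Artifacts whose digests agree with `observed` on every algorithm both have.

    A partial agreement (MD5 matches, SHA256 does not) is treated as no hit,
    since a single agreeing MD5 against a mismatching SHA256 is a transcription
    error or a collision, not a confirmed copy of the file.
    """
    hits = []
    for name, known in iocs.items():
        shared = [a for a in ALGORITHMS if a in observed and a in known]
        if shared and all(observed[a].lower() == known[a] for a in shared):
            hits.append(name)
    return hits


# Assumption of this heuristic: legitimate Run-key targets live under these
# top-level directories. C:\UserDotGG\ and C:\KaVBJL\ from the report do not.
EXPECTED_TOP_DIRS = {"program files", "program files (x86)", "windows", "users", "programdata"}


def autorun_target(command: str) -> str:
    """Executable path from a Run-key value: quoted path, else first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def autorun_target_is_suspicious(command: str) -> bool:
    """True when the target is relative, malformed, or outside EXPECTED_TOP_DIRS."""
    parts = PureWindowsPath(autorun_target(command)).parts
    if len(parts) < 2 or not parts[0].endswith("\\"):
        return True  # no drive root: relative or odd path, inspect it
    return parts[1].lower() not in EXPECTED_TOP_DIRS


if __name__ == "__main__":
    assert validate_iocs() == []
    sample = b"constructed benign bytes, not the sample"  # constructed input
    print("constructed buffer matches:", match_iocs(digests(sample)))
    print("report SHA256 of optialoc.exe matches:",
          match_iocs({"sha256": REPORT_IOCS[r"C:\KaVBJL\optialoc.exe"]["sha256"]}))
    print("Run key target suspicious:",
          autorun_target_is_suspicious(r'"C:\UserDotGG\adobsys.exe"'))
```

On a live host, point digest_file() at each path the report names and pass the result to match_iocs(); a hit confirms the exact copy from this run, a miss on a same-sized file in the same odd directory is exactly the case the autorun heuristic is there for.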