Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:23

General

  • Target

    efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe

  • Size

    2.7MB

  • MD5

    886ebcb4b3ebccb6d9b0c66cddeb1516

  • SHA1

    86d2533a3f7ff271bec4e1a5d899d708ad28f306

  • SHA256

    efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2

  • SHA512

    7dde75e4e434e6a2a4b79665e546f7d993cfac2b602c29b4a0f4fda54167ff3562abee4afa99f0c314caadc5f7abc99d9913d48c3c946447f0411e44cd98ce63

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4S+:+R0pI/IQlUoMPdmpSpH4X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe
    "C:\Users\Admin\AppData\Local\Temp\efeefb84176a41b672555a90300daeb286a159ec1b523c8162595c06a69091f2.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\FilesOR\xoptiloc.exe
      C:\FilesOR\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2656

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesOR\xoptiloc.exe

    Filesize

    2.7MB

    MD5

    e1dcd12663d5f5844f7a9726c24ae11c

    SHA1

    03fe106acd86e7ed0a5d2ba50d3d50c7f5f361b1

    SHA256

    adce075e24c428a1c1047d71b0dcfca50869b5aa5e9a4b0963b0e82ba4c329af

    SHA512

    b46d7f6f0540dbc813d77167a91ee8b8b98d721783073a8beb4856892217b36d506bf6934355ea48cfdc8baa384a91ece2e18dde92b492bb57495dc44bd841c8

  • C:\KaVBYN\optidevsys.exe

    Filesize

    25KB

    MD5

    3c2d1004d0eaf1d05e477ecc4b548592

    SHA1

    2f0a4454ee678d7e064b90bb5f30f779000fe8ae

    SHA256

    d574ee866bce0edae34fb11a16ab23aa42791aa2291789e76f4ebacc2751475e

    SHA512

    062a54d216076de0ebaa17a426038fd98167b6f797e452099eaab74bdcbc97b74bb106c28e8e025c0833a5342231f6332310f1796a2ae737d45a48c510e10df8

  • C:\KaVBYN\optidevsys.exe

    Filesize

    2.7MB

    MD5

    d28398eee7fb2775262da5ec82e0eb51

    SHA1

    34e2b7e7beb690ab9addbf453bc04a33cb0636ee

    SHA256

    4ab33b1e70f456931aa2b52270e89b0f4b488d24a774be6cdc39e7ce0b4a7fba

    SHA512

    5c8397fdaf6d4ec861b426dbe58578d568ac7a6fad75a8b7e70289421429d42622ded6d2371827e24c97b7a329bd3ebce670812733ce9216f554ae9b8a3b19fe

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    11927baba8b561d8da816bb04f279ff6

    SHA1

    4d7f613924cd382c1b194d3ce025498a0f0611a7

    SHA256

    d501b64d335659fea479e0da1c4fa14e16e44aee66b1b24c6877d06ec9f13024

    SHA512

    6adca752d0fc10e13de35629980b119e8b4c79b7c1d8b28b83f580226b9757b90d4db9e8dab4ed939e2a7bcdc2083fced26ea4c66b6ceacd2c9664f10fb26ed0