Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 03/06/2024, 05:13
Static task: static1
Behavioral task: behavioral1
  Sample: ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
  Resource: win10v2004-20240508-en
General
Target: ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
Size: 2.7MB
MD5: 7b8c8a7f8972241cff615761c9d9400f
SHA1: 995057155666f49ce18e6bcb8ad75515b1d8835f
SHA256: ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b
SHA512: 198cf1d1f92cb7addfdd7f2c17a37a0c2974e370f6a1bc95df8d11256cbb3d75e19b68b65116e2261a17e5e1014d616078bb3a0172955fb19453764e9df516b4
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB39w4Sx:+R0pI/IQlUoMPdmpSpz4
Malware Config
Signatures
Executes dropped EXE 1 IoCs
pid   Process
1164  aoptiec.exe
Loads dropped DLL 1 IoCs
pid   Process
2032  ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
Adds Run key to start application 2 TTPs 2 IoCs
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotBD\\aoptiec.exe"
Process: ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe

description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB4T\\optiaec.exe"
Process: ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                                                                 procid_target
PID 2032 wrote to memory of 1164  2032  ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe  28
PID 2032 wrote to memory of 1164  2032  ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe  28
PID 2032 wrote to memory of 1164  2032  ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe  28
PID 2032 wrote to memory of 1164  2032  ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe"
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID: 2032
  C:\UserDotBD\aoptiec.exe
    C:\UserDotBD\aoptiec.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID: 1164
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2.7MB
MD5: 0aba70aa5c89a1a6a9a9a401eba37d02
SHA1: 63e00950a402c3617f390eb09f96af271dc51d7a
SHA256: 5c01a456ff47e8a5297d60bb9981f439be825a1a2ff27d08e017540defa44a77
SHA512: bc6c5929712b02008169c33a034878fd4dc3525c7dccbc5d2710cb04c546100048af4b48a67252646e176e83b10efef056c4eb5c48545244027a96e2b07662cd

Filesize: 202B
MD5: 50ee4ce6c07fd61aa33a680c5d175327
SHA1: 4a42431c1d6ba385c9c7d01daed01310c37747ac
SHA256: b30f34e875724af666a7cb9e9a9c96c5549f7f6c8eaa01dbac1a0f64b284aeef
SHA512: e2944e693d4eaffebb433638107b45ef05b54acace3cc6ac911a9eac7fab3fe35779d2be72a92c22455ecf7ce7216009bb06c99941f04655bff96315c58f7ffd

Filesize: 2.7MB
MD5: e9d4f6ab723396cd1de8732ebe114d40
SHA1: 28025369a72a7696942997d349e5b774c994e983
SHA256: 7d9c66c618f871d3624c4f4123173fe1f7ad2e138efca501afeef3a432d00ab9
SHA512: 09e472b7a665e17cced5a4b74ac6413fd497d8964df1d0a8c89675f0c5c75f6252acb41f541ecc7137e7c19e0256d707066bd7c477c1dfee9a6701099f895e28