Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:13

General

  • Target

    ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe

  • Size

    2.7MB

  • MD5

    7b8c8a7f8972241cff615761c9d9400f

  • SHA1

    995057155666f49ce18e6bcb8ad75515b1d8835f

  • SHA256

    ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b

  • SHA512

    198cf1d1f92cb7addfdd7f2c17a37a0c2974e370f6a1bc95df8d11256cbb3d75e19b68b65116e2261a17e5e1014d616078bb3a0172955fb19453764e9df516b4

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB39w4Sx:+R0pI/IQlUoMPdmpSpz4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\UserDotBD\aoptiec.exe
      C:\UserDotBD\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1164

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVB4T\optiaec.exe

    Filesize

    2.7MB

    MD5

    0aba70aa5c89a1a6a9a9a401eba37d02

    SHA1

    63e00950a402c3617f390eb09f96af271dc51d7a

    SHA256

    5c01a456ff47e8a5297d60bb9981f439be825a1a2ff27d08e017540defa44a77

    SHA512

    bc6c5929712b02008169c33a034878fd4dc3525c7dccbc5d2710cb04c546100048af4b48a67252646e176e83b10efef056c4eb5c48545244027a96e2b07662cd

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    202B

    MD5

    50ee4ce6c07fd61aa33a680c5d175327

    SHA1

    4a42431c1d6ba385c9c7d01daed01310c37747ac

    SHA256

    b30f34e875724af666a7cb9e9a9c96c5549f7f6c8eaa01dbac1a0f64b284aeef

    SHA512

    e2944e693d4eaffebb433638107b45ef05b54acace3cc6ac911a9eac7fab3fe35779d2be72a92c22455ecf7ce7216009bb06c99941f04655bff96315c58f7ffd

  • \UserDotBD\aoptiec.exe

    Filesize

    2.7MB

    MD5

    e9d4f6ab723396cd1de8732ebe114d40

    SHA1

    28025369a72a7696942997d349e5b774c994e983

    SHA256

    7d9c66c618f871d3624c4f4123173fe1f7ad2e138efca501afeef3a432d00ab9

    SHA512

    09e472b7a665e17cced5a4b74ac6413fd497d8964df1d0a8c89675f0c5c75f6252acb41f541ecc7137e7c19e0256d707066bd7c477c1dfee9a6701099f895e28
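The process tree and the Downloads list above give four artefacts with their hashes and two unusual drop directories (C:\UserDotBD and C:\KaVB4T). Note that the submitted sample and the two dropped copies are all 2.7MB yet carry different hashes, so a sweep keyed on hashes alone would miss a copy that was rewritten on another host. The following Python sweep is an added example, not part of the tria.ge report and not the sample's code: it walks a directory tree and flags files that match either the SHA-256 values or the drop-path suffixes copied from the report. The directory layout and file contents built inside `demo()` are constructed stand-ins, not the real dropped files.

```python
"""IOC sweep built from the hashes and paths in the tria.ge report above.

Added example: the hash and path values are copied from the report; the
tree created in demo() is a constructed stand-in for demonstration only.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 values from the report: the submitted sample plus the three files
# written to disk during the run.
REPORT_SHA256 = {
    "ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b": "submitted sample",
    "5c01a456ff47e8a5297d60bb9981f439be825a1a2ff27d08e017540defa44a77": r"C:\KaVB4T\optiaec.exe",
    "7d9c66c618f871d3624c4f4123173fe1f7ad2e138efca501afeef3a432d00ab9": r"\UserDotBD\aoptiec.exe",
    "b30f34e875724af666a7cb9e9a9c96c5549f7f6c8eaa01dbac1a0f64b284aeef": r"C:\Users\Admin\253086396416_6.1_Admin.ini",
}

# Path IOCs: the trailing components of the two drop locations in the report.
# Matched case-insensitively on the tail of the path, so the same directory
# and file name is caught on any drive, mount point or mounted image.
REPORT_PATH_SUFFIXES = (
    ("userdotbd", "aoptiec.exe"),
    ("kavb4t", "optiaec.exe"),
)


def file_hashes(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file, streamed in 1MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def path_matches(path, suffixes=REPORT_PATH_SUFFIXES):
    """True if the trailing components of path equal one of the IOC suffixes.

    Both Windows and POSIX separators are normalised so a report path such as
    C:\\UserDotBD\\aoptiec.exe and a mounted-image path /mnt/c/UserDotBD/aoptiec.exe
    are treated alike.
    """
    parts = tuple(p for p in str(path).replace("\\", "/").lower().split("/") if p)
    return any(len(parts) >= len(s) and parts[-len(s):] == s for s in suffixes)


def scan_tree(root, sha256_iocs=REPORT_SHA256, suffixes=REPORT_PATH_SUFFIXES):
    """Walk root and return one hit per file that matches a hash or path IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            reasons = []
            if path_matches(full, suffixes):
                reasons.append("path")
            try:
                digests = file_hashes(full)
            except OSError:
                continue  # unreadable or vanished file; nothing to hash
            label = sha256_iocs.get(digests["sha256"])
            if label:
                reasons.append(f"sha256={label}")
            if reasons:
                hits.append({"path": str(full), "sha256": digests["sha256"], "reasons": reasons})
    return sorted(hits, key=lambda h: h["path"])


def demo():
    """Constructed tree (not the real dropped files): two IOC paths, one benign file.

    The empty stand-in's digest is added to the IOC set so the hash branch
    fires alongside the path branch for that file.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "UserDotBD").mkdir()
        (root / "KaVB4T").mkdir()
        (root / "UserDotBD" / "aoptiec.exe").write_bytes(b"MZ constructed stand-in")
        (root / "KaVB4T" / "optiaec.exe").write_bytes(b"")
        (root / "notes.txt").write_bytes(b"benign")
        iocs = dict(REPORT_SHA256)
        iocs[hashlib.sha256(b"").hexdigest()] = "constructed empty stand-in"
        return scan_tree(root, iocs)


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(json.dumps(scan_tree(target) if target else demo(), indent=2))
```

Run it with a mounted disk image or a suspect profile directory as the argument; without one it sweeps the constructed demo tree. The path check is deliberately kept alongside the hash check because the report already shows the same 2.7MB payload under three different hashes.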