Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3d99010eba...3b.exe

windows7-x64

7

3d99010eba...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b.exe

  • Size

    2.7MB

  • MD5

    6d9b32039eaf1d176925da77fb67bdd0

  • SHA1

    cedcee40087dc145caa5e1041884d4f575247bfa

  • SHA256

    3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b

  • SHA512

    3fc83cb37b8b0a1795ba528597cd7d68d63f678fa4bd6e593c72027de3f0453f254b05dcaf9c72d772d7da44d5566238872bdec02afbdd8f13d5bf9ea350ddfc

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpv4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b.exe
    "C:\Users\Admin\AppData\Local\Temp\3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\UserDotBV\adobec.exe
      C:\UserDotBV\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintDI\optixec.exe
    Filesize

    2.7MB

    MD5

    646fd407b3e58a2c4736748dd67e8662

    SHA1

    4b75d9d1d86c9d1d71d5433421217b5b4794add1

    SHA256

    955e017aac7380553eb87785a06b262afc438d326dc010ff71bb4de4e2cc9048

    SHA512

    a5f14e367bf34c79b793d40ae94aed3d76cf69631c3123a976126f19c0640accfca1018c1141a4ae6f48fab15a768f9b53fb6b6ac3b4d9351bb0292bf5c95e49

    Download Submit

  • C:\UserDotBV\adobec.exe
    Filesize

    2.7MB

    MD5

    cab10bbdb3e621e07992f3f3ea401dac

    SHA1

    ac41b287a0961d6bb0fda9485a194e541378cf32

    SHA256

    08163924e7e781878880ad4e1db9220d4563bf27bb7849698c8efc6804880835

    SHA512

    80a83a360ccfdd02ba5c8bd934aa56ef61f89f0fb68b243b77922d5a2312c58f07c4695ae8df7353cb28f7ffe35a146bedc32526fa8da3544b8188cb9bf45801

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    0625e9abf9465ecb76167b68410b881e

    SHA1

    ff3e83642efb54e0620390844e9564a1ffc3a9a7

    SHA256

    1d6d05729cf31af55a0254bae62b4b72747edc64358ed2a8d31fb821055f1e9b

    SHA512

    c141986d7e78d501ade141a35a8783885597ef23e32b44c9b93e0899b2a0f6442152504a3b42ea9c2227c0cea1fb3816da80a3fbd668d39c6b4bdba3685db1d2

    Download Submit