Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/07/2024, 20:38

General

  • Target

    066bb10dee4bac0726151deeed9eb54a1a3844c57210ae4eaa5e3270622ee1de.exe

  • Size

    2.7MB

  • MD5

    79c7cfeb29cb3caeb9a404b0c370b6c0

  • SHA1

    2f3cc0337060b209b18ce7b5f19290f5588baf8e

  • SHA256

    066bb10dee4bac0726151deeed9eb54a1a3844c57210ae4eaa5e3270622ee1de

  • SHA512

    8e90d54fae89da4c4f53e8efe1b0738f0083352319b68c3a4975f31a44104d5e3aea78898b6267acdd475af491dbe3dbd4378b44d06969d2a2e0d7667fb4b01e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Sx:+R0pI/IQlUoMPdmpSps4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\066bb10dee4bac0726151deeed9eb54a1a3844c57210ae4eaa5e3270622ee1de.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\066bb10dee4bac0726151deeed9eb54a1a3844c57210ae4eaa5e3270622ee1de.exe"
    Tree depth: 1
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\UserDotK5\devbodloc.exe
      Command line: C:\UserDotK5\devbodloc.exe
      Tree depth: 2 (child of PID 4916)
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1192

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVB3X\optidevsys.exe

    Filesize

    15KB

    MD5

    022db4caa078243a65481a252bdaf382

    SHA1

    08243b787567a75233c4afe3287681d972636a18

    SHA256

    360ffc2beeb5f5783310c71f4ff6f223c6e8eb6fe9b65338c693b21f6cce1f3e

    SHA512

    1e03f722dde3921c04fb7671a5bc5867dc2496048c58d7bbe4113fbd8eccaa8b1b1538f703c8a684c3ed57ffe5bb917230a1778ae1300fb10f7d35d4324a0238

  • C:\KaVB3X\optidevsys.exe

    Filesize

    2.7MB

    MD5

    4de7e5f68b37f52d3ca8e11aed0cd1ac

    SHA1

    999cc0501634fcea5c4524013bd19bb80b4e0742

    SHA256

    8f0dea49714fac3c05c30ac9e2eabc1d051a456175b18adbb0004eece1acc4b4

    SHA512

    37948efdb4a3e376360944f1663f80167d8b8659e9b23202678d9141099fe104729652ea3313e99d6111c1dd23b5d7d551851fd861622744151d8c1dfd9d1251

  • C:\UserDotK5\devbodloc.exe

    Filesize

    2.7MB

    MD5

    a22b4a636c0224669d12f92d3a83852e

    SHA1

    36f660637ff6027e80ea94c53049fe9fd7b0ad82

    SHA256

    81fe2a37a18e426c4b4be590a421a1beb655ea6c7d291d3e5ea6600937304db7

    SHA512

    3f573e69f71e170a79501f3b06fb005969a44b5efc586e3e0a47b19dd34661920342204e2de61a84c116388cf1508d0615e04c2001b68ea0778b698ef223af38

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    209B

    MD5

    fcb38278645a9e3efdc13016abc36244

    SHA1

    f9d774b00b407650a7063e3ca8f1481513ccfb1e

    SHA256

    bf665ee88d871363b5f6e25746b0d151dccb0e6e48627126540cfd8da8131ec4

    SHA512

    0a403f33b62af1d92b50b91826e710c396577252095a975e5f87a4f2b735e07f72900db02f916c5652ee2328720ef1573534ee008c8c39354d55aa825dbf8127