Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2024, 23:35

General

  • Target
    1b3eb09ce2181d1063cf1f1c89ca0a47ce850852f17e9a7f4623e4cd6aa230ee.exe
  • Size
    2.7MB
  • MD5
    7a7c0c8e6176e4225a0482e6b7727110
  • SHA1
    72e6a9d0ea32ee104e63c7793574bce1428af72d
  • SHA256
    1b3eb09ce2181d1063cf1f1c89ca0a47ce850852f17e9a7f4623e4cd6aa230ee
  • SHA512
    1badccbcee34798f937a5ca50efc78f1e8afad207dfd877b49507a9b121a6255a41240aaea7e14fe2b267d8acf9d71e370d51652c020d18ae1638103c78cca9c
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Sx:+R0pI/IQlUoMPdmpSpc4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b3eb09ce2181d1063cf1f1c89ca0a47ce850852f17e9a7f4623e4cd6aa230ee.exe
    "C:\Users\Admin\AppData\Local\Temp\1b3eb09ce2181d1063cf1f1c89ca0a47ce850852f17e9a7f4623e4cd6aa230ee.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4040
    • C:\AdobeV8\aoptisys.exe
      C:\AdobeV8\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeV8\aoptisys.exe
    Filesize: 2.7MB
    MD5: 5271dc91d35be85cb16ac5ccfb7d2852
    SHA1: 7a7554e63a761bad547526b3b74f7663d543ffd5
    SHA256: 67a79b26768d24722b8fa32b75afed9ee98829db4208891f50db680bc15990c4
    SHA512: 3e94804bd2a9d634cd549c129cc1cd0a4b5e5e862c8b63c6e269fdbaf0da444ea073baf8505cfd38a8d84412cb31720f2dfd2a43e1c28086b9cdc7a250a6895d

  • C:\KaVBFN\dobxloc.exe
    Filesize: 341KB
    MD5: 2e0ae0c41c18acca50d6b2b2301ac5d9
    SHA1: 695c12079dec0342ae2bb3ef607776b6fb78dede
    SHA256: bc9d56bc05adb3c6bbd18391745ef20bd878be41c2cefa4f588bc8ac70471c05
    SHA512: ac9c58a3e46a744c48a2b6989c484a47502e0fe531285b5fff83e27652911b4af1e59b3a2fcf2c7685399965a16d78dd964f24c618324da58bb6a34ff431ca79

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 202B
    MD5: 48d473dca7aa11dbc791e471f81ce4b6
    SHA1: 62c04db6363132936eca81bd68a5029de0e278cf
    SHA256: ea22555b0c82c5d5e58156a722e242f46821b487c052dc9c3fd32593c1320a06
    SHA512: 27a90cad26f767582f50e075396657531efe0cadbc2bd8babaecb58acbfa7949949f3c37435036db42bc6b000d122f810a053846f1bc6fcad2f13d649579e25c