Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

32185053da...b2.exe

windows7-x64

7

32185053da...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 20:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32185053da33cd2fe9381ddcd9389a4d3b7409fb5d3cbab99bc72defbddebcb2.exe

  • Size

    3.9MB

  • MD5

    6d6b115ac5af96c38912354c84f72f12

  • SHA1

    6404ee58bb256ee4aa657ae9ce06169bd7138f0b

  • SHA256

    32185053da33cd2fe9381ddcd9389a4d3b7409fb5d3cbab99bc72defbddebcb2

  • SHA512

    efd2c7869ca24082eb8502e59192ec6ae35cb2528056f8ddbe588f717107d3b2a5716f4a63d032695ac119da4e1e10fffbe3000c86dcfc69daa847bba3a9dec4

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBNB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpKbVz8eLFcz

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32185053da33cd2fe9381ddcd9389a4d3b7409fb5d3cbab99bc72defbddebcb2.exe
    "C:\Users\Admin\AppData\Local\Temp\32185053da33cd2fe9381ddcd9389a4d3b7409fb5d3cbab99bc72defbddebcb2.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2524
    • C:\IntelprocNP\devoptiloc.exe
      C:\IntelprocNP\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocNP\devoptiloc.exe
    Filesize

    3.9MB

    MD5

    9d5acb17a1009beeccc1189a5aee003e

    SHA1

    47a04b2da46b1d03685860d67ebe6c86343c32a6

    SHA256

    dea9aafb855e8c9dce3e02c581295c2e19c739ab0f450c8c6e0584614cbd6479

    SHA512

    07f5f2b10c98caea42a7cad19ddfe1e2e930458c0d7757c97c61d2f680b7507db6c8c83c44cd9c707b52e248bc92ef2ede172cdf76149802eb5917f8cb3bc499

    Download Submit

  • C:\KaVBK2\optixloc.exe
    Filesize

    3.9MB

    MD5

    9ce18ae20ab163e1ae703eaa098808c6

    SHA1

    2ae550e0fca297827d8adf3fa8c3e4a7cc477398

    SHA256

    d78e966b9c49cbc2f7129cdfee2a211f752a02c24be8200734517796ba4e1c4e

    SHA512

    66449e7e1e2a52f1cbcc58dd60e7bd7a92345654a62a97f1f0c82d9d598e408a5074cc42732cb0c24bd0250c50fd01f787f784f1497c612930b3cea13afae7f7

    Download Submit

  • C:\KaVBK2\optixloc.exe
    Filesize

    3.9MB

    MD5

    668e1d0fcbae60b841635176bc97a3ff

    SHA1

    6e418dd624941b254602731d3a148746b77a184c

    SHA256

    c93e137afba3bbcd79c89aed9069f8d1ef091960621f05dca4bcfbc844f3d3c9

    SHA512

    9cf9c56149409b0e7b4214101275f93d925f2ec5dd24e86854e19b3c44ca2ee121b1ae4e57bf1f43aa92123a51f3f11fa0eba10c1eedd5d59bf1957524842e57

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    176B

    MD5

    12be035fe8f6ddf67a6de8f6de004b5d

    SHA1

    52933a1ec9b28bf98c0b577ca036fbc9b59195ae

    SHA256

    9b2912b8da70a2a3f632759da74781247207b9a1b27c20edb2c8ee05f2cb7e23

    SHA512

    4873fa99f60e607012a94d4b23242fc4917ef8e0cd88dcf7381776b9786197bb216f72a601e1104065669488e5f270a7651ea176c28c0878a2d0212279957baa

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    208B

    MD5

    9257cc075b8c24f7c425d8ba84056e1a

    SHA1

    43d67de025b03fbb89d47b1b699f437fa9131366

    SHA256

    591a88961d67df83c1f3c16f5a526331d4ab80556b57bb821bf4170c837caae8

    SHA512

    1b3d2a1871ce1b133b3ef9d47803e94ccb3bb7ec8e6ba93bb1b85c6d7f229c504ba88e6771cdb06d2df6fafcfad16530d94f028875ef783af8a624fb9d1f5c77

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
    Filesize

    3.9MB

    MD5

    70fcb397328b1f617d5daf46b48649e6

    SHA1

    8bb02c329eafb427d269990aa05a209d6de2084d

    SHA256

    ee05560be651d261e30828ffd40707e748f86cd1b75a97d2901ada40bb2657fc

    SHA512

    ba6f8c0373686ec3f03fd77f32629f63a0d635d7065f2d9fa5ed524d361bffbc7c070dabea083e09430f1e3976cd81ad5430186a3f3c71d6de7b62f9d037bae0

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.