Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a50fae300d...73.exe

windows7-x64

7

a50fae300d...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a50fae300ddcea21727ffc5830f18fe14248e7fd74de78a08f905b47b99fc673.exe

  • Size

    2.7MB

  • MD5

    b9a355504fd5198a4798530b339e7a20

  • SHA1

    3ff26ba831b3b91f7dcc3f486dd3ffa3501d0950

  • SHA256

    a50fae300ddcea21727ffc5830f18fe14248e7fd74de78a08f905b47b99fc673

  • SHA512

    7fff9e4b32c1d7fc079efff7888b0951cd93248a50c69e2fb9165c7252b5521fdc625989f055193f614e054bffb7f9c4e5d35c21ba5b28a5f2276f5470fd8815

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Sx:+R0pI/IQlUoMPdmpSpq4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a50fae300ddcea21727ffc5830f18fe14248e7fd74de78a08f905b47b99fc673.exe
    "C:\Users\Admin\AppData\Local\Temp\a50fae300ddcea21727ffc5830f18fe14248e7fd74de78a08f905b47b99fc673.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\SysDrvEF\aoptiloc.exe
      C:\SysDrvEF\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZMH\dobxsys.exe
    Filesize

    16KB

    MD5

    ec23b1ca16735b9b088034fc8375c3c4

    SHA1

    f095886f5229fa0bad58e7c61099b9950b012a22

    SHA256

    69f5cac87295358a8d20af0f65d8e900f010af5e9ef388d12c6cc39989d9716c

    SHA512

    eff5a57e314115ce526e07bee5af32e17faa9ca8bf57c69900ae9c596772282124cadaeab2033555013813a722d97cb101096ae367daf62fa62a4fd2d45b5e9a

    Download Submit

  • C:\LabZMH\dobxsys.exe
    Filesize

    2.7MB

    MD5

    671422e1ff756d4d8ed7a0beda99fed3

    SHA1

    47a6f398d2956614a1ba201635ee635cec032848

    SHA256

    7ac980835cd8296940a45903b8cc561059721525985674a55813d2cc204bb9d6

    SHA512

    e98688d53cbb5b7bfc89423bebe71575a836154f19c7b398a95cab3d35bb038e255dcf6d9e2d1bf1a55960b1b84b12328ca1e23e3fbfba3ac3be3237e20fc894

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    cc6bae20fd030ccc5d480d9fbffb2d08

    SHA1

    f27aa8e41c3edad9525fdb125b2d914bbfa1e2e4

    SHA256

    eec899526df9c13373c425aed794511627aa063dbc6154d3af16b17af77eb449

    SHA512

    1994969d3aa17f6e48a89dc000e032aa6ffb964c68b6c0b8fc2e561a4dc745f65cbe1511349f09c3aeffa481ff631fa5f2b87549e2ad7169ceb3058d371edd2f

    Download Submit

  • \SysDrvEF\aoptiloc.exe
    Filesize

    2.7MB

    MD5

    b4e2d5e295b085f9032d42379e7f6a4e

    SHA1

    e12088a352cb51b0699c145cdf41fd8b0c22ecb9

    SHA256

    1308e62bf5b4871dfd1bafb79297eea77885672d282cdcfd8f84235b37704b2e

    SHA512

    7fbb3667d40295c064f2ea08671b7277ddd7927743030b13e7484b2f46292c2a71424aed38ae0dadd350e9de6d4cac4c0f4634af1f1b8710615363d37b0b407a

    Download Submit