Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d7c73b050e...ea.exe

windows7-x64

7

d7c73b050e...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea.exe

  • Size

    2.7MB

  • MD5

    7f176e69f1362c0c1337af4149cb751c

  • SHA1

    2cf250b2f27cfcb9850ae8b60e43fb2f93822d7f

  • SHA256

    d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea

  • SHA512

    0786145e68b19b6b1e8ee765bb06b1dbd822e69378296cc18a54aa25d637388fe102f11266a28bd56bf311f5d3a6dc4e0b63ed277b506c5678b91abc55a24e3a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpR4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea.exe
    "C:\Users\Admin\AppData\Local\Temp\d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\UserDotLA\abodloc.exe
      C:\UserDotLA\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZG8\optiaec.exe
    Filesize

    2.7MB

    MD5

    d34d526bcd1a32704eafc9eb3f925d98

    SHA1

    d24e0e8bfcd3ff099ce46964f048229c3e9015fe

    SHA256

    5f61d11a9ff0fbee14d30dc8b289596c2c81b60f31262d386bd6a7fd68dcac09

    SHA512

    1def4bf099702f93cda164c7b6310e67398cb99813a0e05772cd17c0c6f24a826d4fb59daed113ef667e5d4a1544d75c9ee37f6beac107b87849fe4ea93b2f44

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    a4f17b82b4bbca8f6116d0e4f9347fbc

    SHA1

    a4b2a78e3dff5f5614257208758e69329a9a56de

    SHA256

    a09ef976be62f75eae2dc8a3771d53d50c1cfdfc32f3af0826afcc2859fe840c

    SHA512

    b19e160aeb69f56900bccc0b0da3ff509a2eed54281bda4c8a4383801e7ee5394d631c1c6174550f0addcb21607094268637995d5a0acdc1ab8d211c64c1cbd4

    Download Submit

  • \UserDotLA\abodloc.exe
    Filesize

    2.7MB

    MD5

    b04f7a5189deddf6c31d100f6908be14

    SHA1

    c97b32560f692038e3c23c17c245cc6323a3ca08

    SHA256

    f9224027a3888c28925a08233a18486b01b50537b2f28cea62e34532a6541288

    SHA512

    4c6a9740ce43dfc8759c62485d153affea665b891f858905a5c565ace6656ab993e334bd888f8900e8afef1a0f5ad0761bae58a6bdaa71f2b3e3265c1d463c92

    Download Submit