Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ec7fc9ba18...48.exe

windows7-x64

7

ec7fc9ba18...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 07:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec7fc9ba18e1984f05014245e1488ad2fb2eea78434d21d7567e3d4363351348.exe

  • Size

    2.7MB

  • MD5

    611a2e9538ac48e61ba3fbc789bc45ee

  • SHA1

    4f525587a4873501b28c2ecf23b1edbe7826a7af

  • SHA256

    ec7fc9ba18e1984f05014245e1488ad2fb2eea78434d21d7567e3d4363351348

  • SHA512

    a061d4e797adcf632ddd1680921856c4df43361e4a65c3cefcda0753ab64816a87b89fac2df3feb0f92152222b50baf7b0c6ca773858e3fae840bdb0103b34d0

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec7fc9ba18e1984f05014245e1488ad2fb2eea78434d21d7567e3d4363351348.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7fc9ba18e1984f05014245e1488ad2fb2eea78434d21d7567e3d4363351348.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\UserDot8Q\devoptiloc.exe
      C:\UserDot8Q\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBIF\bodasys.exe
    Filesize

    211KB

    MD5

    06ecc9e99a04963789afb5902a6c04aa

    SHA1

    06dd2e450b5d400eed9ab8c60eda36527a0304ba

    SHA256

    2415b409e744925cab26b4a6f6675778f3f09967d3b079d6c606a2b890b1efff

    SHA512

    d1ea46af92ed6b19fc16e60f99382077d918b5b3184fe6b751738e9292546269485acceab3a68dd3b35f8c4db02ede7ab665e097702953f2a9a0b377d77d93fa

    Download Submit

  • C:\KaVBIF\bodasys.exe
    Filesize

    2.7MB

    MD5

    4c7f454f8e928f0c33ab7888ab11219a

    SHA1

    46bb29bb4f2b182890ab73b54000f2b4597b6ad9

    SHA256

    fc4f1e0c6fac82256d7a840699fe2f15e702b1054a2b11bf08b4bf709348ea80

    SHA512

    3d3acacc098b009e02000559511ff28307535d88f37a995f631995a1c567181c91cb67d29f24f76a2bb82fde8bdccb15fa1c9f531e0f189ef8dd571805ada9e4

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    eb1809d5a72467470949c30c3124803f

    SHA1

    5657b23c2088caafc43945174cc9db47abdba833

    SHA256

    ea54ae745e30b8c7e2b56728fb2ecf3e349c10a85ee88048d9099377b490bec9

    SHA512

    186ee2f3a0415380bffef68eed732911937c07260a72d12fc7f7f9910b04dbc5d263e7cdb666bed917bcb33187952a5a514b28beec7c12a4eccbe19a72cd37ce

    Download Submit

  • \UserDot8Q\devoptiloc.exe
    Filesize

    2.7MB

    MD5

    ddbf1a98ea14de6c6e288389379661a9

    SHA1

    13e844701005aaa005cf3fd407b6624cef22290e

    SHA256

    49ad86a7497ca5edce28db02d601bc5fc07771ee24c04e3120f98632395c5791

    SHA512

    db2d1a145794a0002fc770a69f971300c1fa3412d82d059f11b1fa0eb8917e488ba055424555d8edc0944582ffe5161f9c39552799f71363054e33fc90c63175

    Download Submit