Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/07/2024, 13:31

General

  • Target

    02d7fcf26a18c26e4b9eec835eca6d50N.exe

  • Size

    2.7MB

  • MD5

    02d7fcf26a18c26e4b9eec835eca6d50

  • SHA1

    9632e89d1168d460dc44f7751a61ee0a982fd188

  • SHA256

    58b88628c2236ca689870b45609aa5a4bddb89394fa8565e91626a240d9d6f74

  • SHA512

    648756d5c9c82422ef352647852509d33ecbd06302e25aa1de5d2a329db5d6ee4e6bede68ad2942d5048360f0dbfb0e764a2899dc2a2eb4c476dd4c5f26aab7d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Sx:+R0pI/IQlUoMPdmpSp04

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02d7fcf26a18c26e4b9eec835eca6d50N.exe
    "C:\Users\Admin\AppData\Local\Temp\02d7fcf26a18c26e4b9eec835eca6d50N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Adobe9D\xbodec.exe
      C:\Adobe9D\xbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Adobe9D\xbodec.exe

    Filesize

    2.7MB

    MD5

    5a09d9f936a1dd5bf1e3d8a3d709a72d

    SHA1

    86ac76b1acc77dfed7e38a714d6be248ff8993a3

    SHA256

    4326e14ad8c4e71dabdda071cad69394b70e75f37833e249bdb73ce8ec228de7

    SHA512

    c562e0a631c71eaee7867f808d46fbacf3eba0c28fa6d38b958f4a0cb3705c2a9a90e3e279c2e2d61f5bbc00b62c7ccd5b5bd63493000a59c93ba3d4a1e15ed1

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    c1964a2a809847169c937aca89835655

    SHA1

    a0417b0d618b911555aae70a4745c2a5e3bd02b8

    SHA256

    37e9869fc71f9b0eae7e92f5df38978ed7ac04fef6121774f88e7060212421e1

    SHA512

    1b9a65257f63961241a0ad7dba45855f2ba08facf9be70b30f028c57bad225b0ae5bbf86664836ba58cc90d1c8ad36c01e073c5ca75d1d7634b53020d90f4012

  • C:\VidPE\optiasys.exe

    Filesize

    21KB

    MD5

    88c4193a34bc33ed642c08b873d8f01d

    SHA1

    09090721da01bb4de69a935354eb91e434b18f1b

    SHA256

    885ae505ce1d9fe457313dec50b16b13a0467d754c98013814cc7e643b27ce0e

    SHA512

    bd78e8ee2067c7a441769636d628685fd84921ccd58e82b05257dd862af095dba0fbe9642b38d161c7bad148f749c65592c682bad75a7ad362ae9514d2c6dc50

  • C:\VidPE\optiasys.exe

    Filesize

    2.7MB

    MD5

    011a04ec1b3e58686316ae027f71f2db

    SHA1

    26c8e1a4c93b5c3e19bf7e411ab10ab4cbb1dd3b

    SHA256

    5abd8511a0ff7c6e7d31f7208019a43852797b38691b226b54289a3868ffea89

    SHA512

    513ecec1b825eb13459f716dafa409e3c36d4802bd4d9acc5e19ef46db4b940cbecd9d76ca861e420eda19d9ad20f64fdb434f8b0c873d13ea3f1b7fcf4232f4