Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 16/07/2024, 03:05
Static task: static1
Behavioral task: behavioral1
- Sample: 59b63d0e3702529c84a23e34a93776d0N.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 59b63d0e3702529c84a23e34a93776d0N.exe
- Resource: win10v2004-20240709-en
General
- Target: 59b63d0e3702529c84a23e34a93776d0N.exe
- Size: 2.7MB
- MD5: 59b63d0e3702529c84a23e34a93776d0
- SHA1: c89a2401c7737766b0ddd131906d7dbf1c533e3d
- SHA256: 678b5eaaad793b7036cbff3572a38ee4153e4a7e0fca757ad2ac35bcc193589f
- SHA512: 0ac55eafa0f57617f29099c6b96bdbbc496a4ef423980289ea0af4a5d3097abffa2244613452728a0c106f49e761387bc263560a819da65394c9fce78667c5d1
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Sx:+R0pI/IQlUoMPdmpSpc4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 1128, process aoptiec.exe
- Loads dropped DLL (1 IoC)
  pid 2556, process 59b63d0e3702529c84a23e34a93776d0N.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotGK\\aoptiec.exe" (process: 59b63d0e3702529c84a23e34a93776d0N.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidOT\\bodaec.exe" (process: 59b63d0e3702529c84a23e34a93776d0N.exe)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 2556, process 59b63d0e3702529c84a23e34a93776d0N.exe
  pid 1128, process aoptiec.exe
  (the 64 entries alternate between these two processes)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2556 (59b63d0e3702529c84a23e34a93776d0N.exe) wrote to memory of PID 1128, procid_target 30 (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\59b63d0e3702529c84a23e34a93776d0N.exe (command line: "C:\Users\Admin\AppData\Local\Temp\59b63d0e3702529c84a23e34a93776d0N.exe"), PID 2556
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - Child process: C:\UserDotGK\aoptiec.exe (command line: C:\UserDotGK\aoptiec.exe), PID 1128
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 202B
  MD5: 293ad16dcce952961e5b2af28531ffc6
  SHA1: 085a94f53ec9428670fc6662c584858025e1ec11
  SHA256: c7edee53be23e81f4470325a2f184964663b41f3acb446df9674b008fa1ffa8e
  SHA512: cac0e810feb43a2120e574f2da703208e86a32347e3bdff0236bb91dc01043f241b7aed406f741e76b0ec49d6732f3b43bf80af36a223bdb96b4b7572a37470c
- Filesize: 9KB
  MD5: bf965ee8f9d95b943a5ea888a522c44e
  SHA1: 69326314abf4da6764942ada42d063b44fb707c9
  SHA256: 13c64f8ad509d213565146a5459b79218788b601d1d572943dfbacb755233c7e
  SHA512: c5b066aa1f9c4aa2d78f788c9be796bc4016f479bb94a04aa8acc989526f1637cb18b97eefb4cc366cf3b29b7f7860dfe7860a23ddf51ae21401c53b0004d60b
- Filesize: 2.7MB
  MD5: 1b87c000b537921771be3d92c2972ce5
  SHA1: 95399cd5aa566ccb1fc3d8fe7550a2c16464fb56
  SHA256: 9eaac6014149eb5a99f0ec7b38ae9f436c2830efdae0c062c163014387b322b7
  SHA512: b9246bf3161ac8951d16e195b042933c504c1ea9f9709363eb03edc9c3537b0c1ab775b6fbc459a23b133b547b064e2c93a066e51711b54c8f9fed7ceaf4a048