Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

59b63d0e37...0N.exe

windows7-x64

7

59b63d0e37...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2024, 03:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59b63d0e3702529c84a23e34a93776d0N.exe

  • Size

    2.7MB

  • MD5

    59b63d0e3702529c84a23e34a93776d0

  • SHA1

    c89a2401c7737766b0ddd131906d7dbf1c533e3d

  • SHA256

    678b5eaaad793b7036cbff3572a38ee4153e4a7e0fca757ad2ac35bcc193589f

  • SHA512

    0ac55eafa0f57617f29099c6b96bdbbc496a4ef423980289ea0af4a5d3097abffa2244613452728a0c106f49e761387bc263560a819da65394c9fce78667c5d1

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Sx:+R0pI/IQlUoMPdmpSpc4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59b63d0e3702529c84a23e34a93776d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\59b63d0e3702529c84a23e34a93776d0N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\SysDrvDS\abodloc.exe
      C:\SysDrvDS\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\SysDrvDS\abodloc.exe
    Filesize

    2.7MB

    MD5

    e3b6eff8a9af5b4923666a508b586004

    SHA1

    0a0ec7f6ea8d32ec6971f4bbad0a93a7a9f5ad3a

    SHA256

    7a827530add561c5954b1583908f81533bef59bd63f63aa00f174dfb62c0d431

    SHA512

    3bbaa6441838cae91d5954058f085dfc9428b60a4a72ebf531f0d45466b1fc1a7a51229bc2d83d92feaaf3d64eec6bf895dd930dace2b4764ff39971f3c258ec

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    200B

    MD5

    a4b9992f5987281e81b813c177cc3b5e

    SHA1

    918995d8009b2441bf3005b3abd85c11ae7da4f0

    SHA256

    93d0e9808dbb46cb3a60cb8ce12ea1b4c063a53fe7d745822d5771d796837786

    SHA512

    e07b30f764d31918607e90e4d6c2bb7913921b3d677427b1e9a1cb7f6b26a67c06217ec82279baf2a0686a9311cdce244a3f58d12a159f0d0fb4c2017cf47dbf

    Download Submit

  • C:\Vid6W\optiaec.exe
    Filesize

    155KB

    MD5

    17edfd426b7bff7fc7f5128dcd52f07a

    SHA1

    5a6c64d2ef8dd5365882c91fa59f74e00f7093de

    SHA256

    2c7fc5469e8fd79b18772bf6f048c2a1238987b0708eac55c9e854c1f4e21969

    SHA512

    6c3f46a9295192cc053637c04e2613b4ada2cb7c31fec0620795a4a8903b4956a1abfbd23cc347c760f6b99c45a35b636ecd0e244fa638a4bad90a913f91ba85

    Download Submit

  • C:\Vid6W\optiaec.exe
    Filesize

    2.7MB

    MD5

    4c3dfa6da0270f91fc2e8a1df5654ce5

    SHA1

    6e00619a810324a2396ad459b677e6279c766462

    SHA256

    e7d8ad6716a8f7efa2f17ea4f88bf7979b61745f17df0c672095c9d2198d9618

    SHA512

    e7e340e29e03227cf74e5367e7f0ba2ad2cd6ed78471af0cf5da4f77f2fbbc9d34f1fd9b864e6cda9efbb37fa12114ae13df7b76bf23088abb9f67e6a6b30222

    Download Submit