Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7a36dbc34c...0N.exe

windows7-x64

7

7a36dbc34c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a36dbc34c80e27d52394c9def2756f0N.exe

  • Size

    2.7MB

  • MD5

    7a36dbc34c80e27d52394c9def2756f0

  • SHA1

    429bfeee3cbedd1840072ac519cd4d76107af731

  • SHA256

    4d2276f6c1c36f57d6bbfea5eb972a5caf734287eb36b7e19c6413727cfd44d4

  • SHA512

    9272409b57111a194c03d35d3f8dfc8a88d8dc4b1e917867c1cd53658af33929d86fd29dc3ff760abad8a0d12119b74d6957c7f20c4307830fd5973fded95bb2

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Sx:+R0pI/IQlUoMPdmpSpS4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a36dbc34c80e27d52394c9def2756f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7a36dbc34c80e27d52394c9def2756f0N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\FilesP4\aoptisys.exe
      C:\FilesP4\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesP4\aoptisys.exe
    Filesize

    2.7MB

    MD5

    f7c05200aa23a0351761cc75de6669b0

    SHA1

    2f0082deda53e99b0960309c753ffd2d6d328ff9

    SHA256

    ec7568c95873a64c9bf21c55075553ebfb5e03a4ce5d0ecf7831f23e17e60c00

    SHA512

    cf1600fee39dfe034ef9508a93d2c9c4a2f79d131cd517c113b6e42a980078a230b4411c203e2a7795695e9a99ed1197cc889f4bbdba3d26bf6ac48684b828cd

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    199B

    MD5

    ea5114e7bd92edbb7946aad21bcca028

    SHA1

    aa8401c2dad70f917786751a4d124d39aea4bbc2

    SHA256

    af8197aa40ad8e39fc82e20f1a4250a30ff48cfa6fbd0278ee890e19f73c6ae2

    SHA512

    9b0ef153b74a1d8b8531877143eed5b59735ce886242fbec69fed5ff35c84535e4d645ca022960f5a50eda7d3e2927ef3f1e420c5b02d6578dedb2c9a1234bb8

    Download Submit

  • C:\Vid4D\dobaec.exe
    Filesize

    2.7MB

    MD5

    671999ee39be8d7cee302bb3bd1a6201

    SHA1

    62518f1ed8b27666e7a876d58bfd9cd190dd5b47

    SHA256

    1994f34196e15e091a96043d14d1098c5a4dd72ea412c5d327119318d8d7df98

    SHA512

    2d22d9717b5a13e138ba7d9d68b7661cf4704b7f4116877df44419918297551b61ba62de2a6d78847394b4485986afcb9c6437e0542bc8eed68b2d80a6d9f863

    Download Submit