Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 22/07/2024, 04:44
Static task: static1
Behavioral task: behavioral1
- Sample: 609778445692760644343b045a142df0N.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 609778445692760644343b045a142df0N.exe
- Resource: win10v2004-20240709-en
General
- Target: 609778445692760644343b045a142df0N.exe
- Size: 3.1MB
- MD5: 609778445692760644343b045a142df0
- SHA1: 73dffe5fe6d8317cd90f3bc262ee6fe9e6de6df5
- SHA256: b761f278b6ebe8aeb7da5a52df097fc86ca43aaeaa02019c9789750bad66f076
- SHA512: bb13ba4a7daa7ac2f9eaf0dd1820d248823f9c954a4af1addd96ff5b7779a7fbf1b1641fba6895c5ad5629ae67fc89c54934a65ad369470e8851fb87afdbbd65
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Su+LNfej:+R0pI/IQlUoMPdmpSpx4JkNfej
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2488, Process aoptisys.exe
- Loads dropped DLL (1 IoC)
  pid 1172, Process 609778445692760644343b045a142df0N.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocT5\\aoptisys.exe", by 609778445692760644343b045a142df0N.exe
  Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintX9\\boddevsys.exe", by 609778445692760644343b045a142df0N.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 1172, Process 609778445692760644343b045a142df0N.exe
  pid 2488, Process aoptisys.exe
  (the 64 entries alternate between these two processes)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1172 wrote to memory of 2488; pid 1172, Process 609778445692760644343b045a142df0N.exe, procid_target 31 (reported 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\609778445692760644343b045a142df0N.exe (PID 1172)
  Command line: "C:\Users\Admin\AppData\Local\Temp\609778445692760644343b045a142df0N.exe"
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\IntelprocT5\aoptisys.exe (PID 2488, child of PID 1172)
    Command line: C:\IntelprocT5\aoptisys.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Downloads