Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

111dccd40f...0N.exe

windows7-x64

7

111dccd40f...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    111dccd40f3a25c8d1d6cf4aaa438a90N.exe

  • Size

    3.1MB

  • MD5

    111dccd40f3a25c8d1d6cf4aaa438a90

  • SHA1

    44da76348bedee456a55d664b7d3d5bce78d4bd5

  • SHA256

    f8c904144de10a92fac8bf8c74e9c1d5f054c36c4a1a6aa251ca2ce1ce15b759

  • SHA512

    2c7d57374e7f3a0526592d2097c1f830eb32ad05f884061e7dfa7b37867a2f0e5798cd18d92268247650665b4b24f6e76bc2e0edb8497d00850a1255c3c469a8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBC9w4Su+LNfej:+R0pI/IQlUoMPdmpSpk4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\111dccd40f3a25c8d1d6cf4aaa438a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\111dccd40f3a25c8d1d6cf4aaa438a90N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\IntelprocSO\abodec.exe
      C:\IntelprocSO\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint6E\optiasys.exe
    Filesize

    3.1MB

    MD5

    ccc884581902cdb891de245ef8182bbf

    SHA1

    8a607699b87d0a30404eb17d72c804bef82bcb37

    SHA256

    3eaec4c43f9c7ea090488a80c7ed0d5d5ac18ca0958985ef0e6fe3e70362b0c8

    SHA512

    571880e658a2daef6cd7203f597109d171b79fed17105861beea15672fd4ac155d1b19f0fcdfdd2207d62e38216f1f7f410f9d50ce8344548dfc3ea5cb26bf7a

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    d37dd5e4148cbcaf32551fe4b7db4a3e

    SHA1

    d1b1f5e1de821adb43b1ac534df76574c6528d8b

    SHA256

    53c09b54b1a93dee141daecacc77af27bc5aad977b9cc729037abf2bc334ff92

    SHA512

    ca487c0017c7026b9a1862c5e2b44bee7bd935a8e3ab5738fe708ec5b7cde9c7b29b35dfaa276fffcbb23025a33bce9c90f177d8d50f5c02bc3115754d10c6cf

    Download Submit

  • \IntelprocSO\abodec.exe
    Filesize

    3.1MB

    MD5

    d92a7e3154b805d287f37a41718f9018

    SHA1

    fa8e2119120c1a26624309c326c6335e88830c38

    SHA256

    dafff7a3583dfd8cdcce8b36e3855f3bf4dd40a18c27b28b383a9edaf5acabe9

    SHA512

    3b0966f906f434e090cbb1ce456b148d07ecc377ec0f58555a748fbc314a475c434a5deb97ff750cab2df51eebd1ab130d5daece344704ae56e74603fec08cb9

    Download Submit