Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

baea2fe61d...fa.exe

windows7-x64

7

baea2fe61d...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24/07/2024, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa.exe

  • Size

    2.7MB

  • MD5

    124deea2dd40bf37afef2009e583c1a4

  • SHA1

    0e914afc75ed2082c4214d49cf42d7a194cfd3b9

  • SHA256

    baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa

  • SHA512

    cf11e7cef57301beb1d140b6f39ef9baa148388855bbe877cdb8e1438eea7ec6fdf30db151faf93364b139d6dd372fd8ea82cbeac14a3898b794270493feef87

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa.exe
    "C:\Users\Admin\AppData\Local\Temp\baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\FilesA7\xdobec.exe
      C:\FilesA7\xdobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    721100826c578622c7296c4f80e9b1bc

    SHA1

    214b2e97af60248eb3f9dd1d7b1ba716a7a4f7d6

    SHA256

    05a15417fe0b2107a7f713308d875ac6216f093b5291548d77497a57c53959db

    SHA512

    8ebfa71abd8f723179d576705392438d7b01df1ee9076c572bc672c6c9f924cdd66d0f2d6dbca5ae2eb7b7df9a5d434c41ade5324ae94c5e118f6bc85ea2dec1

    Download Submit

  • C:\Vid1Z\optialoc.exe
    Filesize

    2.7MB

    MD5

    a3c82b25ef640b4de7ee350723a9a43a

    SHA1

    f8867844c4ed3c429b80ccc44282e2ddb90790a0

    SHA256

    b50a0969aca5d815a9c18f80a274e1adadb8e7e48b4c5c769951b611a4de56c1

    SHA512

    ba0afffcc57db2c3da0ab4103c5de41dc2dfb0e8443cd1182bb91e7cfae3a9c109d1be182953bfb427663785570d57ef11f63c0eb7ef5d7358aba6c1d3e0372b

    Download Submit

  • \FilesA7\xdobec.exe
    Filesize

    2.7MB

    MD5

    0a99b77c73b4e85605da8df3bcf1bd5c

    SHA1

    1ddee6ba5b2f8d83e3621c3bd138944d77a76c49

    SHA256

    6bb318e110b88aa09bcb32c167682223dd471f281b7c6890fb2b4d9bb378cf0a

    SHA512

    a542361b87b00a2a3c1a3124bb0e70b2d4f593b307a244c812fde38dcc6e75e9d48f1da9bee39aee76715bfecd0a3450fbff4c346a543210e210ab328a25a2ef

    Download Submit