Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

baea2fe61d...fa.exe

windows7-x64

7

baea2fe61d...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2024, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa.exe

  • Size

    2.7MB

  • MD5

    124deea2dd40bf37afef2009e583c1a4

  • SHA1

    0e914afc75ed2082c4214d49cf42d7a194cfd3b9

  • SHA256

    baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa

  • SHA512

    cf11e7cef57301beb1d140b6f39ef9baa148388855bbe877cdb8e1438eea7ec6fdf30db151faf93364b139d6dd372fd8ea82cbeac14a3898b794270493feef87

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa.exe
    "C:\Users\Admin\AppData\Local\Temp\baea2fe61d86a25b679a5ab54eff377a33845ae536a977c7c8dcfe25809632fa.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\UserDotK5\abodec.exe
      C:\UserDotK5\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ99\optidevloc.exe
    Filesize

    2.7MB

    MD5

    f221c340fb6046e058305cc88687cdbb

    SHA1

    ff7748153c3a11ca598923e08ad289365e61cbca

    SHA256

    aab27e44f6bfe61e3cb8c4d070ca8d2285b08ee617c924dfc5aeec3f9470dee4

    SHA512

    07cab31cbd1994b655ea03e523b41655b11b48e38eaae92e45224937431c8d7c0729f8fe8a9714237b249a1b0bb6cc999007d48bd1d0a6882466a24cfc90ed40

    Download Submit

  • C:\UserDotK5\abodec.exe
    Filesize

    2.7MB

    MD5

    baa7ea02a21a427510f70edf12bc9da6

    SHA1

    913cd2c4d40d39eb6d098b94e25245550f6fecbc

    SHA256

    60234b8b991cc80585b1b6fa09eb550492375261b32cf38807a02c7c4bfabaf5

    SHA512

    862b2e66f96dafb45b5e5803cd5c5e3c5ddcb980ab7c674fc76ddce2e96ef7421fb83f4b6ad2d57208af5f012cadc226ac1089a5304fd0c49941767f8df3393c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    207B

    MD5

    795ee73b168f5a2effc715d2354661b4

    SHA1

    cf1cda986e85abcc6f42c73491aee97d4515c0b3

    SHA256

    dc273d3b3ff74da1a62e0c1288410d3e4aebe833416a0c550df7a034a97f8950

    SHA512

    b22551c90d2adfa85e2c8fc15dc7e74707f5c26d8a71a507219e5672053d7221df22b903e939ae00ece5571e0591db2d26525eb53788c16da57a78cf7952236c

    Download Submit