Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b039bb57dd...0N.exe

windows7-x64

7

b039bb57dd...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 09:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b039bb57dd2ead9d82efb05506085f80N.exe

  • Size

    2.7MB

  • MD5

    b039bb57dd2ead9d82efb05506085f80

  • SHA1

    fb0a1e412dd68b211e648991ab88a312b58c8158

  • SHA256

    162ac57d0ea5005a25eec2cbb27337b66beb317cf77c37208c1b4fd6f2ab914e

  • SHA512

    0d6e869a5b0b83532e682ac69b5ed4674c1e21901874009542930578ff543874c5bc23bb08ab704669dd7347a35b14345a48edd4807128ee2a11d49eb7329ae6

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBM9w4Sx:+R0pI/IQlUoMPdmpSpi4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b039bb57dd2ead9d82efb05506085f80N.exe
    "C:\Users\Admin\AppData\Local\Temp\b039bb57dd2ead9d82efb05506085f80N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\AdobeOW\xdobloc.exe
      C:\AdobeOW\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint1C\optidevsys.exe
    Filesize

    124KB

    MD5

    133419adb7ed14ec89d2b0f8a82044f3

    SHA1

    25a51fdff6d1efd8d6795f0dde20a64d58bbef8e

    SHA256

    19f2a1acca9cdd33947dc92ac9eaa792068cac5cbfc044d507396cb44e846190

    SHA512

    75fddd9f10e189726cf5ffc7f771cdc8610d2d670a7fd29bd4957a00726961e73289ef0a0103cc4b2139480e6bf0f1b49b49427d0fe4898ac277354f31b50c56

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    95e696cb33795a36c9f55cb3a6726dad

    SHA1

    791add89a978c20791871848655a703e03b46c9d

    SHA256

    e74553dd174694e226410f885aa3e232d0910115a6b901dfcb7cbdc4085a82b7

    SHA512

    03fec5fd83bea299894adbe56a856d953c65368aa1d028c90dee86922246a6c0a2856633bfab08b6020edc77a59a603f684d5d03c9c1f0caee941d3ebe9ec052

    Download Submit

  • \AdobeOW\xdobloc.exe
    Filesize

    2.7MB

    MD5

    55692d0d39a25866d5039aec515bc4b3

    SHA1

    c5f1c75fb0c38e123de183bce93af282eba7349b

    SHA256

    031a9fd92b5d4a1d5b21c568aabae50a7275f00a4b9e555ae89e9773c148ac66

    SHA512

    13464dde7baa11afe549d77f2a23626fdfab3d791d5d55133f148ed7596f7625548e9c51bad027b72c929fce6d4488aeb8329eb296540d5567c0bc401104ea33

    Download Submit