Analysis

  • max time kernel
    119s
  • max time network
    86s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/07/2024, 09:14

General

  • Target
    b039bb57dd2ead9d82efb05506085f80N.exe
  • Size
    2.7MB
  • MD5
    b039bb57dd2ead9d82efb05506085f80
  • SHA1
    fb0a1e412dd68b211e648991ab88a312b58c8158
  • SHA256
    162ac57d0ea5005a25eec2cbb27337b66beb317cf77c37208c1b4fd6f2ab914e
  • SHA512
    0d6e869a5b0b83532e682ac69b5ed4674c1e21901874009542930578ff543874c5bc23bb08ab704669dd7347a35b14345a48edd4807128ee2a11d49eb7329ae6
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBM9w4Sx:+R0pI/IQlUoMPdmpSpi4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b039bb57dd2ead9d82efb05506085f80N.exe
    "C:\Users\Admin\AppData\Local\Temp\b039bb57dd2ead9d82efb05506085f80N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\SysDrv8K\devoptisys.exe
      C:\SysDrv8K\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ22\optiasys.exe
    Filesize: 20KB
    MD5: b92414c672ba9e2925b6757c19791fc3
    SHA1: a11b84b2fca34660c4b4d3eef04dbc31b34f40b6
    SHA256: 6d936842e9500ac54f463f0aa28fe02f76bc48a010a4ba7fd4b6882d2b5e599b
    SHA512: 518fb89373465fc5d3855acf15cf212b475a8da5649ccc0b520528f04fedc0294ad911407201f8e00807879a5c14098a17c34e837296d7662ac2b7861814bf4b

  • C:\LabZ22\optiasys.exe
    Filesize: 2.7MB
    MD5: bf4ac9941be79e54c09fe7ded2e99907
    SHA1: 7ab61672be03b39888d86ce95282fc4f15767a0e
    SHA256: d907e99466392ce1fbb285d26e4e6f2c9c3a83d2be2259be2afb3d91925690e4
    SHA512: 458a15550051303fd1653cf392903bf3070505428fab52ccd54708cbcd01cc499a8aedb9ada7c2dfc3410d1cd7b925835991bba3a0109176c6cebe15b8a0efe6

  • C:\SysDrv8K\devoptisys.exe
    Filesize: 2.7MB
    MD5: 5bf507477a9da5eda941b6794d6761c5
    SHA1: f21709308cc6a3e8b285a16bcdc00ce2fd9d79a4
    SHA256: 0bead37e0fbdce8bde5e62e796793a7b95ba988946c99b499d0f82806be0e5df
    SHA512: d0e2c5498dfb77ffbf92e52cfdabe7873163c95dba36552ea868bccc15afd958239b7609e1f7b1c122eba981b2a09b645f0ff66e50ed2eb205e0071c51717372

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 208B
    MD5: 55bcf02ba0670062242b56d7346d24db
    SHA1: 4c6aae75aa157eea43ec1324270391ee64c2dfb4
    SHA256: fbd361f439fc2c35b58d6b9b5b763e0198e255eb1abe48bd1e0814bc5a707f7e
    SHA512: b3eb25d29d1833c6bbe4d3a8d5ea29ff29cf5d2a2bb8767de967446d61b3f57e0714406424833538da00b5d2f925e1b3e3187b3b2cfdab7730b67a92bc3cddef