Analysis

  • max time kernel
    119s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/07/2024, 20:12

General

  • Target

    f256b8417180964dd0c32294e7e0d670N.exe

  • Size

    2.7MB

  • MD5

    f256b8417180964dd0c32294e7e0d670

  • SHA1

    9e4ba5fa77ec32077a43901bf8bfcc2011089294

  • SHA256

    918d3f2d20453b54e1507098f949af54cce2f54ea0ba353a44231eb15697e407

  • SHA512

    6dd402e292e2268fb10e342001d0093f67ba5f8aefecdd325b77ea0405ee3c13d2572b222964c492cab4d0580c52d444d1e9c1fecb3f7fa43de61bdb9c30f170

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSp04

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f256b8417180964dd0c32294e7e0d670N.exe
    "C:\Users\Admin\AppData\Local\Temp\f256b8417180964dd0c32294e7e0d670N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\UserDot08\xoptisys.exe
      C:\UserDot08\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ03\dobasys.exe

    Filesize

    2.7MB

    MD5

    6c338bd79c08fadfab641cba031046b8

    SHA1

    f5d0908a751ebbb5d90e8b66215ef1e8f69a3d33

    SHA256

    01a903223587124962d4cf6084528c8ecea2b3757b5843cf6c2efe9c807c894a

    SHA512

    ce783dc07b371091adef926db111a9f8d757b05db5f06d5fbad648730657d2e2b0c745a7450afd3063c847b59b49ed9d43cfb32336772d301e5bc47308c430f5

  • C:\UserDot08\xoptisys.exe

    Filesize

    2.7MB

    MD5

    f9a43f236731095262e76ba2302258f9

    SHA1

    7bea2b509af733e9a50393419e2265d052134158

    SHA256

    2b2bdc1d57f7348037f52ddb76a087306b4a3b78696295f255e92d7965a9c4e4

    SHA512

    e014c5ad279f204ee672da9638254039267f4a92652199b49d5b6ac65db2cdefe50e1de1194628977d4e0884005a7da2d52d74c8f67f9b7a706f7de3ba153ea3

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    e6e0a3f0a8b5354142431d1c1d7ee018

    SHA1

    6f5f1a163f5e3817a37df30d7e05444534a8b2a4

    SHA256

    5b23bd845c888cd7b7948612151c5758c6a402d67002ed0d9dc9ba22b5d6cb0d

    SHA512

    878fc3fed63e78ca24a11e8887996d0726c14635552688e33c331aa6e30a51912e41226cdd5e027002491ac37d1969a4c680ec2453ece7f1af4d5dbd288d40be