Analysis

  • max time kernel: 119s
  • max time network: 16s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 26/07/2024, 23:07

General

  • Target: 672ccd990c5fbdf1ed424c64d74458e0N.exe
  • Size: 2.7MB
  • MD5: 672ccd990c5fbdf1ed424c64d74458e0
  • SHA1: 93fb45c439f9aba8a767bc5a9dc9abae5a349d8d
  • SHA256: 552fcb950922445a3d5dfcf8526e7ac0a2e6d27ced7338078e3af1ca09f64db8
  • SHA512: 6157f80f923fd4dc36d0815520fe6ea28fc9c13025013b9fe4372543fe2a580ac797b1e74af67d323dee8d69006ca879d4715acc6011a0300bbda527aaf7e8c7
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpX4

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (1 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\672ccd990c5fbdf1ed424c64d74458e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\672ccd990c5fbdf1ed424c64d74458e0N.exe"
    PID: 2540
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\FilesE6\xdobsys.exe
      C:\FilesE6\xdobsys.exe
      PID: 2988
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxO3\optidevsys.exe
    Filesize: 2.7MB
    MD5: ef3261896fca2309abc0c7c4cdc81f49
    SHA1: 63933125f3f8d5a32e9cd83be3659c67c2bc8e7a
    SHA256: 77082e532ee08c6e7e3641de7ad5596523c973ddd7453e1ef00f76c9db8f3247
    SHA512: 7424d0677a57915effb4fad3cea4e20acae1d3c6b3d3181d00b2290b94903f46c2902ba073295594b37c045c2038b6f673868cee507e10f1a395a3c4cc497762

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 203B
    MD5: 42b3b34c9947f9113e28704981471932
    SHA1: c871dc8d5947671bc5c4552fd4f7d30fd0af3fe2
    SHA256: e412b6ee53f8a683fe0be61f0309fec24a7c75f639124135cad25d4fc5bff407
    SHA512: 373604e35d096edb37363516be33d658414e2d8f48b31eca24159967f793e4af4a3f1089acf5f492ca255c484ca8e84cc30a496f6557efbe7816904709d0c8e8

  • \FilesE6\xdobsys.exe
    Filesize: 2.7MB
    MD5: 01eca5777473554065ab6f73b180b029
    SHA1: f646bf51c58bb39376158f3dd6cfcc060e73825f
    SHA256: bb5ac824b4bf812613adc2c3563d11c233b00a8e1cb57bb0d866d350baf62b65
    SHA512: f645bf293f3debe2b82ec4d0065d16d7bc351c6354c9b64caa19a16fc2a4367f47525b300cb0e2013ac811781e883a1de2b6fca86d5cfe29757230afe9123547