Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

68aebb5bb4...40.exe

windows7-x64

7

68aebb5bb4...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68aebb5bb47e253631d2905d3f042978b0fc2fe0dd44bc2a3d0ae74fab939440.exe

  • Size

    2.7MB

  • MD5

    5741f4dd4c1625eb2212cda03aa8de10

  • SHA1

    5d7b6f0dd2bb4694b130404009c85566c061ff75

  • SHA256

    68aebb5bb47e253631d2905d3f042978b0fc2fe0dd44bc2a3d0ae74fab939440

  • SHA512

    58493915ef3f4d3b704690bf6e53b6d76ca4a1dee3279319297bf3487c06ae3b3e1eec4da7d0879889205f3c1b3d27f954088cae9e9f3979492af4a89c04c97e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpd4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68aebb5bb47e253631d2905d3f042978b0fc2fe0dd44bc2a3d0ae74fab939440.exe
    "C:\Users\Admin\AppData\Local\Temp\68aebb5bb47e253631d2905d3f042978b0fc2fe0dd44bc2a3d0ae74fab939440.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\FilesCJ\xoptiloc.exe
      C:\FilesCJ\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesCJ\xoptiloc.exe
    Filesize

    2.7MB

    MD5

    4aff38e35447e2ca9057d2c66c23ae8c

    SHA1

    efb5bc89736395cbb94521e476acb83629cddc3d

    SHA256

    c0424716bae9f395a84557f3eaf0c31c7eb4663718e1c318b743e378abea95b2

    SHA512

    e32efdba9b96cb07409d6e9c154a0cb4907cd7f22d381e95fee7cb3bffd804ad6c050bf340991a4d9fc35cdf38ad508689570034829b4422f73e72e253def03a

    Download Submit

  • C:\MintUD\optiaec.exe
    Filesize

    2.7MB

    MD5

    b86d2d00a008cf8ed0155d3fb4d823f0

    SHA1

    05b9d20438226f097916228261b5eb186c19def9

    SHA256

    d91394d3fd2e3acca07a8b22cc8ed5944891bdb56cba58c873122130af113d8c

    SHA512

    34f5ea546f96344892166cde628aeaaab10a1697c99ce526047b1db40279656b5e74f870fecb7a02c378f81a524b4e63bb289e2d1b3c8d3a2a78838d37ff7c4c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    200B

    MD5

    ef615edad9ee41fb2c0a375806cf059e

    SHA1

    acd343cb33bfff083bfb8c948f59a656367b5cbe

    SHA256

    a40ee6d71e05f20a278e04c3a631503628c2322fdafb56e83247ad25aea2fed3

    SHA512

    f3170f1860d76ef813e5d2f54bd770c7ee5e8373dfde1dd57bc20cf69afff4a3f80a54bb432849598b716d32bb1bc314dd3488c57481fb5fc08eb95c1ac3205c

    Download Submit