Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9e355320ee...7b.exe

windows7-x64

7

9e355320ee...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b.exe

  • Size

    3.1MB

  • MD5

    db787396c3284340a3a0e7d728022652

  • SHA1

    89dab8f28f70b05295e4cb3b10a8051a71ddaa7c

  • SHA256

    9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b

  • SHA512

    9b7a4f07ae79ecab55acf1e01e200cfd8efd2aff1ae8402f4a48177424bb7edbc6adf70b455bd3dfcffb4b115b7d5cf1fefbdcabb0a5ff58559ee9dfd9190933

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Su+LNfej:+R0pI/IQlUoMPdmpSpX4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b.exe
    "C:\Users\Admin\AppData\Local\Temp\9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Adobe85\devoptiec.exe
      C:\Adobe85\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintKJ\dobdevloc.exe
    Filesize

    3.1MB

    MD5

    48cabb804fe6e69406ad40b8239ed2c5

    SHA1

    28c500425506a0400acc8338720ff50226c9dce1

    SHA256

    074ecb4d79211c1d7d1344ef10aabd64b74846d578c9326324ccc835344e050e

    SHA512

    8f9974640f004c6b7bd10408843b659d8a513bdbdeecebbb60c598b6564875b1255d18531275cb36c46555172c0a49d23f9319a3b0c8329742f485b6bb413bd4

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    f210224fb78dec986cf9c78939d2555e

    SHA1

    b2287033bb8fe3f4d47fa764bb08ae3dc771b609

    SHA256

    9663c688e60f8b50af68d3d5d7b87073df86de0a6a2c87a75859119daa37d368

    SHA512

    3a9ec1e83de242bc10e1ecae95e3184ee66fe795c252d4be81d166dd34552a89d61e993d332c8d777050b0a871f6aa5481f22f19ce9a62a5ee76440cc6f691e5

    Download Submit

  • \Adobe85\devoptiec.exe
    Filesize

    3.1MB

    MD5

    d51f9cb8fef6b6103d1bace34b193e32

    SHA1

    a306ace5c5bd911fed39d9d0290b5998ac547b1c

    SHA256

    3be02bf8c89048752febe10a7e575f73621f4f3fb14e62528573836bf91947e4

    SHA512

    a124a9619ad805b15a509a43a5875055791f2e0563ad209ec3f38bc294ead1c9b5341d59321a0926c3bf68f113a94a578a038073714d1387356c88fb7fa9ff32

    Download Submit