Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9e355320ee...7b.exe

windows7-x64

7

9e355320ee...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b.exe

  • Size

    3.1MB

  • MD5

    db787396c3284340a3a0e7d728022652

  • SHA1

    89dab8f28f70b05295e4cb3b10a8051a71ddaa7c

  • SHA256

    9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b

  • SHA512

    9b7a4f07ae79ecab55acf1e01e200cfd8efd2aff1ae8402f4a48177424bb7edbc6adf70b455bd3dfcffb4b115b7d5cf1fefbdcabb0a5ff58559ee9dfd9190933

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Su+LNfej:+R0pI/IQlUoMPdmpSpX4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b.exe
    "C:\Users\Admin\AppData\Local\Temp\9e355320eed83d08aacfeded45d219cbfc701152c228e1f99fa9fbe14ec8d47b.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Intelproc32\abodec.exe
      C:\Intelproc32\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Intelproc32\abodec.exe
    Filesize

    3.1MB

    MD5

    5ecde79cc699f9f0c6235e718dc17818

    SHA1

    3e01820d0127e38caffff79a3e6d30bb629eae31

    SHA256

    0c5a82cdd92ef6f0884ecba12abebcb33aad8c71b9104ed74c33fd178f39e7ea

    SHA512

    57addd56d253aa9d88d46d1b3c59ff9b09f87022ab33a54afa98dfec84f33f7afc0ca3b070ab2e23f8f4786e3cbec0e06f2f374c7a7e1ed6838dcb0316aefe17

    Download Submit

  • C:\KaVBZL\optialoc.exe
    Filesize

    3.1MB

    MD5

    b979bfc5d796a4da7712876990764b93

    SHA1

    e83165699032f3304fcfc663b4f0cd4aa443155d

    SHA256

    11303ab573ee6bda73a388ce07375e2862bd4bc486b8a1c8ea1620890d08d641

    SHA512

    7307e38d158573c251a01c0c31a1696757c3b502b5ebd8c29b351d6317b78637d48ea1b56426eaec169e7cf9d966e524e30f4f8b6ba76120db871f9b91362bd7

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    212B

    MD5

    19c53d3031dc26f646961606d09233c7

    SHA1

    1f997fa33fb4c551ccba4e815996d01174924258

    SHA256

    f7cd1ca4f625046e1f89c13f6ae2fcb4ee01ca40a69546b18ad66f194c434ec2

    SHA512

    f9416c440141ed11ce7d8e1389a6258b1bba32cc164be797e1b7a38632e1ad9f1a9804b38283cafc50d6dc5aef837755aa2dfda11493434bd30a5743849c0e90

    Download Submit