Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

76c5996c8d...21.exe

windows7-x64

7

76c5996c8d...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28/07/2024, 00:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76c5996c8d95f5605b94ff3db86ebdc6aa51cc3bcd702a31093f640defe25721.exe

  • Size

    3.1MB

  • MD5

    9e19035cf5640731cecb4b8a789ddf39

  • SHA1

    10098d572f131f1f4e9895f52810f1d98bb60197

  • SHA256

    76c5996c8d95f5605b94ff3db86ebdc6aa51cc3bcd702a31093f640defe25721

  • SHA512

    0c2ced611ec21d9b5449ecddc2b7824308444d775d05369f1b3b8a43302ef3a44fa439ec81993f69b80eec63b879822f3a86844447e5d536a727c7e7294d2aac

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Su+LNfej:+R0pI/IQlUoMPdmpSp04JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76c5996c8d95f5605b94ff3db86ebdc6aa51cc3bcd702a31093f640defe25721.exe
    "C:\Users\Admin\AppData\Local\Temp\76c5996c8d95f5605b94ff3db86ebdc6aa51cc3bcd702a31093f640defe25721.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\IntelprocQY\aoptiec.exe
      C:\IntelprocQY\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocQY\aoptiec.exe
    Filesize

    3.1MB

    MD5

    4060adf9c3d2229846d9ba0966c3e521

    SHA1

    a01a0eed7904a84c71621896756d742f32267679

    SHA256

    ab4d08c545d2dca99667df8fd1aad1b560cf1c83ec118fa859daf3bd4cda9ac5

    SHA512

    1a21cf274393be5b53175d367593fbd3ebd8125407850fbbc65ae1975916b2504a087fafd2abe2e08520a3308cdb0770793acb6ae32160838c1a595daaf4f9c2

    Download Submit

  • C:\LabZ54\optiasys.exe
    Filesize

    32KB

    MD5

    57e51c1945cf4674e3f977b786043346

    SHA1

    2d5f0edbc6cf1a5e9efb1e691651c37ca5f18cfd

    SHA256

    1765dcbc6bf3dee4698d2d9dc8553d474eab57484628c05102bdbe3f506e6fbd

    SHA512

    9a1b0d78cfa930ae4587d4f26779999e875f963344f3e87d13d638b2d4f16b885c7f7d2c2c033949dd5c41ede97ff826d04ca4e1a5433845b3166e48cecf64ae

    Download Submit

  • C:\LabZ54\optiasys.exe
    Filesize

    3.1MB

    MD5

    c556802f9f355b22f7d2f061471648d6

    SHA1

    4715b1f2e62bd94aaada56e550301714a2b42cbd

    SHA256

    051cd4af532232c555ffd858c42a19f6a63605fee58a55505529b8e0cde3a0ee

    SHA512

    d8127c13ef0a405cccb60772417e4abc46795f18bb50097afd7c294213ee694b0469d6c7e85da540503941c86fcf09ec8dc2570c01a4f8a08fad5669097ffbaf

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    72f968ae98b126a56c1ec3e7c55dd841

    SHA1

    fe0a9af9f721d12bbfed23e4d36396123e7fc3be

    SHA256

    5acc9d56761c8c84809b0153d51fa0eb0a847f24bef59081587b45ecd81bfa63

    SHA512

    947618c2e8f5426519609beb0f0c733c47308e6035950faa61bbc4b659e611684b07f5108431920bf04f06666270ea378ad8f13546dae100573ab56e5100bde3

    Download Submit