Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0ad55bc51c...0N.exe

windows7-x64

7

0ad55bc51c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ad55bc51c9fbfbc6be1dbdc6b145150N.exe

  • Size

    2.7MB

  • MD5

    0ad55bc51c9fbfbc6be1dbdc6b145150

  • SHA1

    de89840f374ad98a06207bcca6a6ca3fc43dae7e

  • SHA256

    2cfa36a6c3a36d52793327ff366f4f8c77c15a6020027325057291b57b33ad77

  • SHA512

    dc0538b60e420f298ae5822117577b673d51006e5a9630ad521a54548524fd571499e1bc342cfad6117539d114620f43fc39795da09bcae5efebba6b6014f9cb

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpH4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ad55bc51c9fbfbc6be1dbdc6b145150N.exe
    "C:\Users\Admin\AppData\Local\Temp\0ad55bc51c9fbfbc6be1dbdc6b145150N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\FilesK1\devoptiloc.exe
      C:\FilesK1\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    d294cfa2fd2c0476fcb6c7eaa4065fd3

    SHA1

    badbd2bc8b9dd68769242a95e006346c0cb77823

    SHA256

    d6bc45a4a3eacee7434c0036a9b960e00afb293a259dac6b7af179f07f417718

    SHA512

    dfe05db4a8954f5df407c9785c68eca146a3bf30b6ea71b006550496bcc3f5ce33cc63ec34469905659ce956dfcc8672f6171d969231190932d61781d0937277

    Download Submit

  • C:\VidHQ\dobdevec.exe
    Filesize

    2.7MB

    MD5

    613582a7695703c8a384c09fedb2ce6e

    SHA1

    551ebcdf8fac6f6cf988acb7a7498c0e11ec75a2

    SHA256

    b04fec4d15d04bccb270615277123f4b703faa0936e01d11767f19ed012c691a

    SHA512

    e8be23890295f14419639b349899683e1b4ebdded3bc006fcaabde2407abcc114cf14cdf1e3f8b492720a9d1920a6c5c2b630c641fb1de7bca9f7c94dc9cdd78

    Download Submit

  • \FilesK1\devoptiloc.exe
    Filesize

    2.7MB

    MD5

    d14f46a3294920bdd16249155c89146c

    SHA1

    6cff0b5178b4adfcc81a6317a3345b4aff1b6943

    SHA256

    caf17a578cfe3c0edeb19454e15ee3b839172d91fd6cebac284867aa905ea395

    SHA512

    144c5ffe412927f2b5bebd1007da4c40ba4da92ffa8400873ac66bcaadbf921a460c2cc0f3139b6d20c75e8bb71be651e1125398023e5e5d98438436d26e2e3a

    Download Submit