Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

89df74e783...0N.exe

windows7-x64

7

89df74e783...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05/08/2024, 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89df74e783e31db93de93ec03cdd7aa0N.exe

  • Size

    2.7MB

  • MD5

    89df74e783e31db93de93ec03cdd7aa0

  • SHA1

    9b2f6ae72922ad4272103bb7e1cc5f8aa588cc2f

  • SHA256

    09afb153a9ebd54d3b143e3c8c85efe458783d40ccdf94b56e9f37b62ed14394

  • SHA512

    4b71b8d0613ef61dd5d43e913788ad07f28eec4f748d0e4bb7cc926999a3d8c0ab4011e2e92ff333d8ae62c6b764000ccb182f0511c3af4358c796eb21b5b92f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBg9w4Sx:+R0pI/IQlUoMPdmpSp+4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89df74e783e31db93de93ec03cdd7aa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\89df74e783e31db93de93ec03cdd7aa0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\AdobeFU\aoptisys.exe
      C:\AdobeFU\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZGC\dobasys.exe
    Filesize

    2.7MB

    MD5

    87e076892773339e4d40e43e1d220f85

    SHA1

    81db7a25110992a24b4893bb95ab05eed584c351

    SHA256

    bf45275aecffc7d1f28a77e2af2b1c25ac13a43fc5e8b08c62afea24aad3fd15

    SHA512

    53ce1433cb71d71d8afd6c5b7db3b226d253b58d6c2ae7420146a2b30e7ce6a4d8d15373a9fa87c49a3348c4125386e22c32ca411233bcee9676843d376f18ae

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    272e907a0211e6e915b67f868f387951

    SHA1

    b448379625a6f6eb455363de7d68f59ab3068133

    SHA256

    91298eb65b9e4e81bb0e755eb27de24da9943698898b4f4e46d44104712317e2

    SHA512

    5b8b884431d7922efca8deb6ffff41ae242978a60de9458ae916fa6ec57b85c3e86a1db2538fafd7fd4c677c9fd650344a03014adf351472de70f77040c3ad9f

    Download Submit

  • \AdobeFU\aoptisys.exe
    Filesize

    2.7MB

    MD5

    27683d81a7098c4405cd015ab04cfad3

    SHA1

    f44e16906cccc8a503c92fd133cbf9b9702dd561

    SHA256

    7871e1d32f1744e339381534542018908f112e35f3b9bac6457cac1415572051

    SHA512

    619f38bd8ebce0fa36e3fc0564957c02cd5cfd8258c8586624e67d304f73bba664a154188f91f8ae78862acdf2dfb7ba6b2c5a6fe8c19cf799d92f3c7e1ff079

    Download Submit