Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4a8c78a1b7...0N.exe

windows7-x64

7

4a8c78a1b7...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/08/2024, 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a8c78a1b799af7db766592e6b4e2f80N.exe

  • Size

    2.7MB

  • MD5

    4a8c78a1b799af7db766592e6b4e2f80

  • SHA1

    6f357f3233b7ae44133c9315c4e1e509ac72acb0

  • SHA256

    a6da86a44009ba875588545c70db63a26091051f942a7afd4b4112612d59c7d0

  • SHA512

    28813157020bf0814c967d3f77b44e78483e3847c35c85012e682f041d9a899feb14a625cdad71cb2bb2f268f5d6abec40af173a5ef351ca17a0ecc0d3eaf190

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Sx:+R0pI/IQlUoMPdmpSp04

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a8c78a1b799af7db766592e6b4e2f80N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a8c78a1b799af7db766592e6b4e2f80N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:516
    • C:\Intelproc99\devbodec.exe
      C:\Intelproc99\devbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Intelproc99\devbodec.exe
    Filesize

    2.7MB

    MD5

    362775d514b2417805e4f007aae4e3c5

    SHA1

    6233d2343cd89792f164d5bf50fd4080d420d351

    SHA256

    ab34ea6ed7ceaa12b41f7a77c257bd86606fd05d25cb856465794332bea6bd78

    SHA512

    d2b0360565b384bc5a8d13a888fa41ebba4eb3a53f09eed14b2efb7a16390e0549db1e0b18d7be0023b93350afe32f1b5fb79d49097827b7ed9b60827f2b54ae

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    79207aa5ca7db319c77c447e6cb17f07

    SHA1

    ee7d34bd755fe6eea3cd892f62351cb0268f77ad

    SHA256

    1fc053370fcf911d0e72357b9f7a74b56ef25a2fa503a5c0f6ca48e145ca5b89

    SHA512

    633d4e9c9e584f2cdc08bbd3f5bff22830a2cf47943bb0cb9fafbe9d464d034440307e4246e54e35d7e770b89219f3837f4339e7d6bf531b687bd4490014be1b

    Download Submit

  • C:\VidDK\optialoc.exe
    Filesize

    6KB

    MD5

    320719c96854b0a5fd311ad8efe3b90c

    SHA1

    929f6f68e9d0ac11ddb60ac23f6df8e912623717

    SHA256

    bd7ff3d8c407c624edd5ceb1265060b5503e5a215dfdcf474c9d311d2e7612d8

    SHA512

    2b1fe1fde8fe575df017873514f9b0313565bc3fe9d79bc7d99a68a366bba63b2cfe02be2b7261cefccc38ad68dd6b63b8c98bf9bf50e57119b8396d3e0476ee

    Download Submit

  • C:\VidDK\optialoc.exe
    Filesize

    2.7MB

    MD5

    108337c333b134d6812e0e41aa242522

    SHA1

    ce4a025f2392bc7c4a3d2a96feec3ab0b2f75ecf

    SHA256

    1cb0a18ac0f2ecc3ef04806bcd8ddb59d8eab3552a1f082a2717382437ceae68

    SHA512

    14f20892c3cce3d75c853aa9df9521975759a528a545c26f7a03c9ca87f0b0ed96d5699370f0f77603dad405179626772d09cf659fc1a37c9b72f74cdc67d537

    Download Submit