Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ddba06d576...d7.exe

windows7-x64

7

ddba06d576...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7.exe

  • Size

    2.7MB

  • MD5

    617b35f38748aed9d3ab8e269e49b7f8

  • SHA1

    ab549551f6c87858b4ab4f1f79b4b08fc14bf53c

  • SHA256

    ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7

  • SHA512

    56a7696c0ddc7e853d63797477ad3e7560d37d80759bd7980f9cbecbdb2bba8bc07a06f83d552a6f4d63e04b4733d63f6b2b9235701d22df75be77bad68c9758

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7.exe
    "C:\Users\Admin\AppData\Local\Temp\ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\IntelprocEZ\xoptisys.exe
      C:\IntelprocEZ\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBKK\optixloc.exe
    Filesize

    2.7MB

    MD5

    f635a715ff856a4bea11a6c4630acaa5

    SHA1

    5b12a1638405cafcd75164f5e73617ea82a77518

    SHA256

    52c3613227b61277ca61d53cac4630013a94c4c910d08e204ee01319079e40dc

    SHA512

    129244343e5510fbefa1372de4aeb6efaffc72f850a2c6ac24cb17710678ebb81d6f1a6a35d431d1e99b6811d6fccb8db5703feb8f90ed237e2ea63668180877

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    cd44601d793cce3702dc0c4b9ea2c581

    SHA1

    dbc69067508cca5bb5db60616a3abc3a79cbd110

    SHA256

    548bce04ebd5f9e5c83a492f5d26de19922df97bb546382f69e61497913fbd30

    SHA512

    f80413a5e8b30d6a405f6268af7592d2ee036dff998763b2fe995b66d67b162b5405f7c2089df1b242a0b30c1cad6805eec36d2493aacae28e4d1a05d37edc50

    Download Submit

  • \IntelprocEZ\xoptisys.exe
    Filesize

    2.7MB

    MD5

    ade69d8a009aefa6a4e10f8a029958a2

    SHA1

    a832a475d594c7cd2dc70dc5a3830b95855cd159

    SHA256

    0b155046954deb7217264b6768a9bfacdba6844b2377ee354a0cad7ff7aa222a

    SHA512

    2fd17ed6f9d34615be79fe41657130f49cced6ce96cd25ff4273f3f07245088223c13d9e37276dfb15ff1f6a67aeabc77377a5b96c1280b8f794bb92555b84fc

    Download Submit