Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9dfe5312a9...0N.exe

windows7-x64

7

9dfe5312a9...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 09:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9dfe5312a94b4669df4c03c9b9e99970N.exe

  • Size

    2.7MB

  • MD5

    9dfe5312a94b4669df4c03c9b9e99970

  • SHA1

    f28465e56a254e9e85978b473b920d7e89c658ab

  • SHA256

    fa657b0e187b1c82570b67b38569e4fca8981f72b8e7a6073b4c70524bdfda9d

  • SHA512

    c28f218a92bae68a44a88a65bcc0e6a7c50f0d1982b25cc2eecddb555cee85a614c303458eea8652c49dad07fce032ac0bce27eff69c116839e1f79307cddd62

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBi9w4Sx:+R0pI/IQlUoMPdmpSps4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dfe5312a94b4669df4c03c9b9e99970N.exe
    "C:\Users\Admin\AppData\Local\Temp\9dfe5312a94b4669df4c03c9b9e99970N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Adobe45\aoptiloc.exe
      C:\Adobe45\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBWB\boddevsys.exe
    Filesize

    2.7MB

    MD5

    4b97d1f5b301af641cfb689e42a42a51

    SHA1

    5bc0a3ee760918b916f8f50dc329c46d6ff9bb9d

    SHA256

    afccad81ec1d09fa347eaebec65abffc8fcd703a3aa03aa027491b1ecb7c52cd

    SHA512

    29e49d6dec981b2c0bac9ed9fb2f7ee21a91c2fa99731d1b74b0b4d568061a48188c47a7525e7be88c99ea4b46d3d6ca521cb0bc85a14184901d9954baae56b4

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    198B

    MD5

    dc69a16796029ce7bdb89776fadc58eb

    SHA1

    5c9c9afd58088e5b6de830c8e9d2b23df4f8978f

    SHA256

    b6125ee80c949cbc7e4b4183ddf5f48b42f2ab844ed3d719e886943514a16b0c

    SHA512

    07cf99afd227033a20cedb69f18d7017fb4194dd97244fdfe545bb0b0fbe0ec54935ff0bdaf0ada71c2030ec352fbaff42e14cdb8de138362979f0cb62c28a5e

    Download Submit

  • \Adobe45\aoptiloc.exe
    Filesize

    2.7MB

    MD5

    fe16ba897e135932e717358430e487d4

    SHA1

    07a32eaada9ae41716d37b82309ad2df2d8486ca

    SHA256

    9f208e7500f89fd538044b77fa0ee79afa2d7922a5c41f67c6ee4725ab69b858

    SHA512

    f69b153e3aeeca9fa9fd8601ca650fc6ef421794c51a7698251735df0a8312b7b5f3d60e9ea2c7df82200e473011ec991702e3a60878626eff22304c6241acc2

    Download Submit