Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

efef5f2f5d...a0.exe

windows7-x64

7

efef5f2f5d...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efef5f2f5d849f0c409092c08c8ad9772e0eb05bde0f9cb123baad8ca4c07ea0.exe

  • Size

    2.7MB

  • MD5

    905f7c7f4b620e7b0be478c6dc443688

  • SHA1

    ffd43243eb84edef1935004e12bf06434fb14ff6

  • SHA256

    efef5f2f5d849f0c409092c08c8ad9772e0eb05bde0f9cb123baad8ca4c07ea0

  • SHA512

    b08bd96d8808cacb4af3153ec82fa0822fc75ee61c5dcc0d3a70eb430b12a05651f734c7559e92a133899549872f2eb9e6ca8bce3c9cf920efd2996ae7604a5a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4S+:+R0pI/IQlUoMPdmpSp64X

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efef5f2f5d849f0c409092c08c8ad9772e0eb05bde0f9cb123baad8ca4c07ea0.exe
    "C:\Users\Admin\AppData\Local\Temp\efef5f2f5d849f0c409092c08c8ad9772e0eb05bde0f9cb123baad8ca4c07ea0.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\FilesJB\abodsys.exe
      C:\FilesJB\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax4H\optiaec.exe
    Filesize

    2.7MB

    MD5

    ac8ccd583be26636487ee15f63a5b4f1

    SHA1

    f122f27184651fc9991d4de596e7bf5940db005e

    SHA256

    ae5d749dce7bcbb55630b09c2e04fe3d03550e012ca45ce5a3cf2a47bf71176d

    SHA512

    d30cbd0fdb985f8766b7d36709324db6eb350cc77d08c2cec57079651c04ad4ef043122e1d7802568ecaae5811fdda29c824f95a5f907524323bbcabeeaf269d

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    97911c948fdd944bbf2bcb103670fbc8

    SHA1

    8083b1c291fb32d4d25cc4161588f278b798f0b2

    SHA256

    5f62a3f04fc67cfbc83461bc6efcf0b17db88bd5e94560199e2d3ba8cef68859

    SHA512

    024cdcd511107fb588afbdee7867243c1abfc8c342a2f7267201f4635a6e0c1d73c7222dcc184a128019374ae2b93f27ab300525b09cff99c4b5a99610134c3a

    Download Submit

  • \FilesJB\abodsys.exe
    Filesize

    2.7MB

    MD5

    a78bd5f17c3c39ee8819af41b2bc1837

    SHA1

    242f0277deef40f26062f21048885a076969cf39

    SHA256

    0a1471aedaeaf6fef58b28807ff8eaa8b795b65cbeba9e9bb6c0693f15262ceb

    SHA512

    1aeb2b319b575343b7f8f49c9a4c632420b376bff6789ece065b8633296f520b5f8ddff020f4de0d09c78d0cdd77586599d2923e4a4d71a54c2a62db2a8535c9

    Download Submit