Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6fb5509b71...f0.exe

windows7-x64

7

6fb5509b71...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 22:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fb5509b71cfdd3ac59431d7e4b97db1ed91daa2ca5481aa9c9dd7ad848145f0.exe

  • Size

    2.7MB

  • MD5

    3537b2e7b46a0f1a2cfd6bd8c51d3a9a

  • SHA1

    5abf1b26db7fc08ad1a83c9bc681cb55b0f5d87c

  • SHA256

    6fb5509b71cfdd3ac59431d7e4b97db1ed91daa2ca5481aa9c9dd7ad848145f0

  • SHA512

    22f00b81e2e57bc132de3648da242b20c950277cfe400fe8b4c07214fe4af2f21087c33d38fe62b0a79c0c9a1497d9b6bf29525cc675a62f0f910f37c7cd984d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Sx:+R0pI/IQlUoMPdmpSp04

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fb5509b71cfdd3ac59431d7e4b97db1ed91daa2ca5481aa9c9dd7ad848145f0.exe
    "C:\Users\Admin\AppData\Local\Temp\6fb5509b71cfdd3ac59431d7e4b97db1ed91daa2ca5481aa9c9dd7ad848145f0.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\IntelprocVI\adobec.exe
      C:\IntelprocVI\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxU5\optixec.exe
    Filesize

    89KB

    MD5

    b4bfa1e141a7e2567c031aca95b47f90

    SHA1

    d58492fa0a1708d343511dfd91412bb7c86aceb4

    SHA256

    4db0ab39eb79aed222b30e3516449d50b07d38a5b144e598279cf89110221466

    SHA512

    a5f58912c6c68d3325d9073747c0392cd236e6caa4c5b53b9f4a9c75857949f891bc4ef3af201d9f00343136ff6bc6b3e7b17bef336fc55fd7ee9c28cf6b32ff

    Download Submit

  • C:\GalaxU5\optixec.exe
    Filesize

    2.7MB

    MD5

    f29e40d8ccb44bcced4cba81f1d3bfa8

    SHA1

    f7ec073c763cb58c256df1544bd9e17cc7f9b2f5

    SHA256

    4f51863788b83201659b09fbb15ca1b004d37268ffc805f3712462eb232fadee

    SHA512

    dad8a2e0ef5ecd6affcac84d21d9f1bc8953e07c42340eb4d92cd6856384c0b90b3520a070b64d0eedc96953cffecfd31ed2337625573c2d386fdbf6778e9a5f

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    466dba23bede404d52b5091b8a98a402

    SHA1

    f2ac0002a0f13126f53da0c9d3575518e73bd2ea

    SHA256

    be7f280c4d623a0dfa8eae030022fdaaefcc3b3ccb7c335fd601c4687385c8f1

    SHA512

    823258b69644d04c91aa2a939e7452c23427e13f5046fd6fc07de2e95a0e3ef482fe6d57e3edb9a3443fe9ad95ba1dd1c474b5f80baab4f5d6574c32e36d9db5

    Download Submit

  • \IntelprocVI\adobec.exe
    Filesize

    2.7MB

    MD5

    da2603fc16372bec6deadda4208358e2

    SHA1

    8d64c8337695ce556c19fc02533feec4b45a8761

    SHA256

    8d8e124a0c44cc792fc352733fff7288c314cd30ed35cbea3750d2d03bed8029

    SHA512

    c65d3c63c970a326eb5dfdb4df8b6ca55fadf59472f5c8325f02d61c7204628fe1283dd56d9989c8b4387f33f362b1c293cbe672185e5ae9274a0fc86c02146b

    Download Submit