Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6c3031687c...0N.exe

windows7-x64

7

6c3031687c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c3031687cafae6998100b6eb3967aa0N.exe

  • Size

    3.1MB

  • MD5

    6c3031687cafae6998100b6eb3967aa0

  • SHA1

    556aa91bb801c32bfdc726daca9e4d12bafa7b0f

  • SHA256

    1ead031315e6adebdae83f3ed3651ce6231b40ccdea6a99258a7e513cb0aeedc

  • SHA512

    62a0c0777556e7e8d5075710de4b7f29bf7adf090ae755289394d2c652896fa5c2b3d4128bf3f922a3628fa5db509be01ca18f36c9f42df1501314aad47c4d1d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Su+LNfej:+R0pI/IQlUoMPdmpSpq4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c3031687cafae6998100b6eb3967aa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c3031687cafae6998100b6eb3967aa0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\UserDot5V\xoptiloc.exe
      C:\UserDot5V\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintBY\boddevloc.exe
    Filesize

    3.1MB

    MD5

    8e25a91cca1e6bb2b5f603603dd00450

    SHA1

    50fc8296037eeeccd10d16256e7c1768a197740a

    SHA256

    be17f20279cde99e158ed16229adf462148539c2dcf5134bdeecbd2a24eb9638

    SHA512

    6c7953662a5abe96e6c323d8489e9cfc2cf8f1aefa34a527e4593e31151b6d84b62adb70157a2625f6ef891c2e08938e90af5a0a80e849dab65ac0d4604748aa

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    c3f62d561ebcdf6625b9159652ab7dd1

    SHA1

    534c4922bf455f795babef5c93e0dc8eb98c59c5

    SHA256

    b1a0a2a1f4a3395c5cb2f5ecc58bdd733eefd37d003d0dc330f69a4bfecd059e

    SHA512

    54001d6376e924eba948fd83e3647a4182a324b5e276cccda34f99e416bd67df46de624d77c30628a8c09b588ef32eb351fa042a903f11bd1e47313f0568d2fc

    Download Submit

  • \UserDot5V\xoptiloc.exe
    Filesize

    3.1MB

    MD5

    8b3ca57bd6183745ad2737116f76b81e

    SHA1

    b35321035f812f483967bba42c6001bb9406b34b

    SHA256

    8660d669536e1d1d1e591cda7b18df2de60faaeba369a58278c2d965fa456ced

    SHA512

    5be42c8d64d9a081255512fc28575fae5149dc0f561c01e90aacb939c69ef3406b314779febdf94a38dbb320076e7d434e1a5ea31a7434feb917c3b1bf2d8dad

    Download Submit