Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

26a70b2263...d4.exe

windows7-x64

7

26a70b2263...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26a70b22636d10f11fd59b1b88f66a9990a41ee8999b12133954d9b902e5b8d4.exe

  • Size

    2.7MB

  • MD5

    2f9a06041212526f922451d18a91fa76

  • SHA1

    87a23a02a97b81aba35c5d2b9b399f0c5b3c696f

  • SHA256

    26a70b22636d10f11fd59b1b88f66a9990a41ee8999b12133954d9b902e5b8d4

  • SHA512

    3dbeb7eed8b3f5e669a01d259d33e530475657df04f3abb63310036669ba15d6e96dbba62f00215192a219c6ad4f2683f569fb3d1456080a2504b50ebbc92348

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBE9w4S+:+R0pI/IQlUoMPdmpSpO4X

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26a70b22636d10f11fd59b1b88f66a9990a41ee8999b12133954d9b902e5b8d4.exe
    "C:\Users\Admin\AppData\Local\Temp\26a70b22636d10f11fd59b1b88f66a9990a41ee8999b12133954d9b902e5b8d4.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\SysDrvAG\aoptisys.exe
      C:\SysDrvAG\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBJ3\optiasys.exe
    Filesize

    2.7MB

    MD5

    0a4b27bcfccc96278338585771f02512

    SHA1

    fe21dae61b5502adfe2cfafe0cdd92646437dcf6

    SHA256

    4e7c091f8c897497619e638f72a05aaa66032f1d17373b64791ae46874d5ffa6

    SHA512

    2532ae9b5997a6127c8b694f3e78bfa4fb0fed5b175f610fd77386bf6419b5ec15c5fd9f83240428e0348f58bcba688c802294feb3de9be1c57bded837c9d9c0

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    d1f3e7c3c5a8229451c029994bf63040

    SHA1

    6846343aa88964076044adadc2bfd5ca6381b01b

    SHA256

    b232d706ce2f319acb50613a99e2cae7f0e8274aaac15d06f1547d3d4fc71836

    SHA512

    6d04607a7e925b365396869f06f2d318842c0a7eff947df7d7440b2fef2fa7e485262081422e1a519e12d41f924b88fd205437bf0d55fc3218c2954d9dadd2ff

    Download Submit

  • \SysDrvAG\aoptisys.exe
    Filesize

    2.7MB

    MD5

    5d584f540a5b03fa884281bad87bbaec

    SHA1

    2643d991c439cdbd23b39357603ce3a7a56b0c60

    SHA256

    bf88690f332771a74213f09d362c09993c21f1297c868aec7af67df07d914e48

    SHA512

    f0a9d1fd09cf2fcc67122570fc60339d3151cd148b95780e6182789e316bd496bc59bcea8d45fa37aaa265ef7e3b7b09310bb917a519552a64d81b136e98a38d

    Download Submit