Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5ccb73d28f...d2.exe

windows7-x64

7

5ccb73d28f...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ccb73d28f20444096d07f01da7dc43fbc08469b0a75c6edca793293d65bd3d2.exe

  • Size

    2.7MB

  • MD5

    b63b8a778bf6d9c311b3c0c171a5867f

  • SHA1

    741363ee8214d61ae3fb9d52c545c395ed4ff4c2

  • SHA256

    5ccb73d28f20444096d07f01da7dc43fbc08469b0a75c6edca793293d65bd3d2

  • SHA512

    42a74fcc35ec5a36ebb4abed007ee393ba51d395be122b197fabd151d38e25ac387367b7ae22ee61f95994a8810023a0c31a08d7084c6275dcc9e70f8d6dd8f6

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpX4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ccb73d28f20444096d07f01da7dc43fbc08469b0a75c6edca793293d65bd3d2.exe
    "C:\Users\Admin\AppData\Local\Temp\5ccb73d28f20444096d07f01da7dc43fbc08469b0a75c6edca793293d65bd3d2.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1428
    • C:\FilesFA\xoptiec.exe
      C:\FilesFA\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesFA\xoptiec.exe
    Filesize

    2.7MB

    MD5

    713ef9692f95d1602ff5b6142733c0f5

    SHA1

    ef03f841c5cc33a5c30c699f76c922145bc79f66

    SHA256

    47227c3bd01bd12a832e016f1e4fcb5dcd779d38bfa5bd7dd230a5d83f19ba6f

    SHA512

    2481a80acaac28f82f0adfe4be7697e47bf91db0e8cf5e23d33ad614ad44d05e363f89428152cba17682954536b955782bf715dea4d37321bc608f65449317e7

    Download Submit

  • C:\GalaxEJ\optidevsys.exe
    Filesize

    9KB

    MD5

    676d55289ebe3b95f7296c256f4e82c2

    SHA1

    e60fbfe20f6dd5e273a0227788c9737ab9d0dc40

    SHA256

    4867ed928df39dede7eab002d04b85c682bda0ce96a32a6a33727628533d99db

    SHA512

    f22d87cd5f6b42194b6e873536fa1708a76308c650bbac952cbbe2e1ff6d7ec7e3dd9d2fc548fcde369b32f35c3cf65558db74c57f1b0e0b1ffa1edffbb007db

    Download Submit

  • C:\GalaxEJ\optidevsys.exe
    Filesize

    2.7MB

    MD5

    952f554821f3b24cd885a4f2e00a80d8

    SHA1

    bd8291d25b644bf1dfc5baf64f11adcd2d96c809

    SHA256

    02e5e119bba3f65fd73f144f690569e5dbc19f2be754bb782b9d6c6e466b5aca

    SHA512

    e24f0fa8500eaddbfa3f7984555cb0e09e1e683c91afd9cf986ae3642f951a89424430cec027c75975441ec0aa112f6a7b206455621db5ffb5822dc73100d8a0

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    611b64fa155e6d6cfbbf96b3f56c7110

    SHA1

    01ef503943cf46ab5f0e02e4be95241d6523ba92

    SHA256

    2d370b18b6914720e2683ad595793febbaaf9bfa3532fc43ce4338d290c94acf

    SHA512

    262d70109ebbc6b8e150f742588df52db98ff1d11a701b6c5ba3db7c7edb340dcaaf4dc84a09b2b4a244d64f90155ea98a834bc6df9f70153299664ce5344dd9

    Download Submit