Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 01:50

General

  • Target

    263e6b643b25619cffed711bfff69b30N.exe

  • Size

    2.7MB

  • MD5

    263e6b643b25619cffed711bfff69b30

  • SHA1

    c45cb71e0444e66979eef1b5f93d656294f84804

  • SHA256

    b4e0cce8d4e9d33a2b5624e2815da906ddd60614696a7bdc5b4fd585ac4b87ef

  • SHA512

    c7160ad2bd2a0a9e768469902d6f95615d77081d2bf6becdb0fc874489ba3a61f49cd9411664a853c3649395d9840303cb6512e3e54d00a6a2b2812c22cfa04f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBM9w4Sx:+R0pI/IQlUoMPdmpSp+4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\263e6b643b25619cffed711bfff69b30N.exe
    "C:\Users\Admin\AppData\Local\Temp\263e6b643b25619cffed711bfff69b30N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\AdobeFA\aoptisys.exe
      C:\AdobeFA\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeFA\aoptisys.exe

    Filesize

    2.7MB

    MD5

    ae2709caf67c87a8db7ea36b479e0dc4

    SHA1

    4e296c4c925d3b1b9bdbadcb4955e2699c0cfe59

    SHA256

    73ac8e2b23d31229f54b7ae9a335449c6a1ed598709cb09acc28937e45e17c17

    SHA512

    4e7ace56361374e2ae6458f1e2ff00c1a6968e74551390d352b58458c6ec4614b70eec288bbc0d5e8257d79f6c06681709df1b114fd9bca1c97339aa452ef50b

  • C:\KaVB80\optidevsys.exe

    Filesize

    16KB

    MD5

    7d8a03215552916f8ae5aaf8df8da50b

    SHA1

    a17393562ddbdaab8146e6c02926ece9f2c8f2ad

    SHA256

    5fe3f610226a0103548a15bfc4f2ba5447ca523031ffdcd34159dd1347028bc5

    SHA512

    8d7915f54fa6c59d815f7b2b43391b98a0e78665d9be3f8da6f49750d6a0233b5d831af24f7e1f000607727338770c2e1b988725cf90081fd50a790138b17616

  • C:\KaVB80\optidevsys.exe

    Filesize

    2.7MB

    MD5

    a8968eb994229fb41e2416546277e515

    SHA1

    62bb3cddd23dfe3ad71fa2b72c397e19e8eb15c1

    SHA256

    3f9be8d1f132d37309145fdf5c788652315e8cca1884991e0a012430f05e5c8f

    SHA512

    cdace43970e329b7884b0ecf43e8b9b973d76cc0d97b4c8fce51b1c0bea0f8c07a4b70cc737b5744c96e1795d6312730e4c507cb6d5cf66606f2d1e38847b1ce

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    8c5bca124275a71bad7864b6d31138f8

    SHA1

    8d2cf5bbaae51f6ab115097f8ad4280a4471b9c7

    SHA256

    6c21e21deec2028c3778db4ffdce7088424ab740583748b8f2392356c21ced52

    SHA512

    3de5ae5ab6987c64dcd012499c3a56f223a95b476c9837260ab36974d3878301b875a924c862c7a2cd6d249fe87f4abb58baf9d98cd1878ec6c56f59096b214a