Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8a9951312d...0N.exe

windows7-x64

7

8a9951312d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a9951312d55bd0542805a6789f6b730N.exe

  • Size

    2.7MB

  • MD5

    8a9951312d55bd0542805a6789f6b730

  • SHA1

    8fdb6c377e6640151cdf94f69f52e3a4640b76d8

  • SHA256

    67a4f95a52bc663a51106d8eaf2f9357683077db0b3eb96e535c70f35b8c4d8c

  • SHA512

    dfab7220d3aaea57b9cd8efa0aba3425f1d048f62659c0665e192f44769e38a855690f5c839606e6ac821a9949240f559e73d8e04c898a4fa0abb09feea5bde9

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSps4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a9951312d55bd0542805a6789f6b730N.exe
    "C:\Users\Admin\AppData\Local\Temp\8a9951312d55bd0542805a6789f6b730N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\SysDrvOT\devdobsys.exe
      C:\SysDrvOT\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxXA\optidevsys.exe
    Filesize

    2.7MB

    MD5

    e9e77f9e05d1a01536347b85facdfe6d

    SHA1

    0f11f4a41b1b89ec1fb30b9ffc15db6b07351eda

    SHA256

    b5d9e1a1d88e63809667a6d572c41c3e035421ab3d0c2a48ae4b1bd81a04e4ad

    SHA512

    e808f6dc32daef8f8a6b9dbd5c84a67ff23b933b107681e2d0a2af9722f8e67efa5106dde2fed433f357265b38bb523ab945285884e94e236c6a5ef1277b9666

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    d47f58a179d02af50674171fc944014d

    SHA1

    7b42904085eb4dca2b2ed44a320df0ce4f521790

    SHA256

    128e61814bbf6a994d727c54e6237a651cb7110a2723e9af52f215dbda3076a2

    SHA512

    8bfdf7797931bd6da33c6146e06814b9854af1e8727adfc62d4f9b09ae016bf38e30997ccefd7b2911ce51433ea47864e2ba3d20fcc1c0bafe3f556e48ba0697

    Download Submit

  • \SysDrvOT\devdobsys.exe
    Filesize

    2.7MB

    MD5

    b9014da0ea489c487a37925cbf298e08

    SHA1

    344c2a0c60d78f95ccbbcffd38e32f79c9f0a986

    SHA256

    44e2d8277b5f0c93e99826857b02bfcad1ed7a555efd7ebbb99f400dde0be045

    SHA512

    a3002bfd4dbff2c0f1e3297827004cbf75a2607fa036dbc8a98e2183d59c283af68fbf85765122ffaf2bf71912950e01da52df72e14a05b08752aed48b4a6690

    Download Submit