Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8a9951312d...0N.exe

windows7-x64

7

8a9951312d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a9951312d55bd0542805a6789f6b730N.exe

  • Size

    2.7MB

  • MD5

    8a9951312d55bd0542805a6789f6b730

  • SHA1

    8fdb6c377e6640151cdf94f69f52e3a4640b76d8

  • SHA256

    67a4f95a52bc663a51106d8eaf2f9357683077db0b3eb96e535c70f35b8c4d8c

  • SHA512

    dfab7220d3aaea57b9cd8efa0aba3425f1d048f62659c0665e192f44769e38a855690f5c839606e6ac821a9949240f559e73d8e04c898a4fa0abb09feea5bde9

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSps4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a9951312d55bd0542805a6789f6b730N.exe
    "C:\Users\Admin\AppData\Local\Temp\8a9951312d55bd0542805a6789f6b730N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Adobe81\xoptisys.exe
      C:\Adobe81\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Adobe81\xoptisys.exe
    Filesize

    2.7MB

    MD5

    645ce91313369a863892f6c01071aaa0

    SHA1

    2092e8be4de34124a70cf4589f19605ae6d595fd

    SHA256

    3f37a3a14f796879c175e3dd416017d68f02dcdd2f93d49e01f577544a9eb161

    SHA512

    48d0ae4fb0e9f85c973a9d45c7c81295b011b10831b97e70843a5719cbd565d61fd7d03bf2a269003ad36e8107d0aa321fe3abf028ba5110adc64ad0c298cdcf

    Download Submit

  • C:\KaVB5C\dobxec.exe
    Filesize

    2.0MB

    MD5

    9c0f9f6aa4eac4e58a0111b4086c7e36

    SHA1

    19133867adf0114cb6734d8caa92a47429c7c944

    SHA256

    a7fc055886c537b52ec4aeb9ab9bf5514c5c891ef020289a6dd30e69ebf17c05

    SHA512

    d4ddf7cff23da0cd4626bfad75f10ab939da97e6841a4a3412aea25e2b1e33dddb9c09ead9be74246ad1f72cafd947b6776d980270e812a118b3fa4f280ec372

    Download Submit

  • C:\KaVB5C\dobxec.exe
    Filesize

    2.7MB

    MD5

    02c5252db7520c342f61ecc3739a7761

    SHA1

    e2ab81e56c3377797766c39d5243d6b6594c92f4

    SHA256

    8452f93e8ad272f2e10ed92c610716e3985461c1cd67dbde80f41a13eb74a42c

    SHA512

    112208a4e57c5b0763c608b0ff8bfbfd0e4bca4d96f644aa955265ba941c266113be23f117a68b82e9ecf048be52018548fa44b25d85a42532bf5e6703dcdbf7

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    201B

    MD5

    41f4c1709a9c80836aa2d50af616243c

    SHA1

    37915a207e91167b8c2dde493673c441a18da8b0

    SHA256

    387996db25aa760a21413a4f4666c13d24cea60c77ca3c4b4973e180b3a403e4

    SHA512

    e4ff0f4fda2988cc18ba9cda97299e23cc17936b65bd5d747d530cdaf3922ae4bc350b3b666eeac41542d529732c07f4a2403ae8a16143f0699209a914b535ed

    Download Submit