Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0b81f6d0a5...f2.exe

windows7-x64

7

0b81f6d0a5...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b81f6d0a57c5b025968b84f113d026b7d8c59d3f3bc0ab646fad404af43bff2.exe

  • Size

    3.1MB

  • MD5

    6c44c2c4eea56f73ffb416b06875899a

  • SHA1

    25d91323b63171ebb16a3d1d1dfbbf406b15135a

  • SHA256

    0b81f6d0a57c5b025968b84f113d026b7d8c59d3f3bc0ab646fad404af43bff2

  • SHA512

    63b7e7c536eb441bbe238e9d6b55906a9c00adb0e9fc744790dfba1418a22835e926c127bf68e42536e70f46282db0036c0020f99bf324d8e05624f6cd7a786f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Su+LNfej:+R0pI/IQlUoMPdmpSpr4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b81f6d0a57c5b025968b84f113d026b7d8c59d3f3bc0ab646fad404af43bff2.exe
    "C:\Users\Admin\AppData\Local\Temp\0b81f6d0a57c5b025968b84f113d026b7d8c59d3f3bc0ab646fad404af43bff2.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\UserDotP5\devoptiec.exe
      C:\UserDotP5\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ8F\optixloc.exe
    Filesize

    3.1MB

    MD5

    e72f8a7e1baa290a97f4519364dedb6b

    SHA1

    9666a9612954ceb01180e761deabb68ac348b062

    SHA256

    6c2a69c91964b4424e64c4cc71f3d654db6cde79fbf4ecbe5ee14a72b1e8585b

    SHA512

    781999223438ec67e20d36dcfac96705cf5180b04de8890034d665012b43e61bf6a87db2bd26fe84a0301126d4b819ba8c2efefe81df9c0119e940a54a5864e0

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    71cae48d8faa0ea880def1dcfc7039cf

    SHA1

    2283f7a6d0d5ffec507db21d97b808ab34c85017

    SHA256

    112fa9900310d2a024af7a7f4e314a3f5d0c7001a989eeae95f32a48de4588ec

    SHA512

    d2c6ef078516252f42889dc1f1002b59d4a8b033ffbff63b9b3659e2586a9a8dab039b9ac0bec9f52999beab7b903bd196690808d65b38a919021bd8143e5c51

    Download Submit

  • \UserDotP5\devoptiec.exe
    Filesize

    3.1MB

    MD5

    dfcbb727d07959f99a275ee453842645

    SHA1

    a9aa6e9fbbb2f44418772db051d374d248664150

    SHA256

    8a5a1dda377d4027a74d61a60bf7d5c8246ddf4b33b57f41acea960595e1ec10

    SHA512

    27ca325f69d72102e000e58d95e5f6a1983b7495c27c4b21aea8f35ae8845055d13da37f9a2a12900051eaba6e4a5ef1f2fedacb9dc49cbf05254f5179b984d3

    Download Submit