Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 12:51

General

  • Target

    eec4289984c9bc0ebab6c2fcecf482a0N.exe

  • Size

    2.7MB

  • MD5

    eec4289984c9bc0ebab6c2fcecf482a0

  • SHA1

    122f6e27e4cd6713307807bba6ccc4b6ef395023

  • SHA256

    09dffc978af2e70f62549ef7662d74d460d5dd187c53c40dfd3e5c1098f7396c

  • SHA512

    9966442055563034e2faf6b09fe7803759540e4567233c4a807fd81c0256e3818825b35f3ef23b8e2a02252bf0046e056565b7fcd775520b6292d21c68f14c74

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpQ4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eec4289984c9bc0ebab6c2fcecf482a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\eec4289984c9bc0ebab6c2fcecf482a0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\UserDotPQ\adobsys.exe
      C:\UserDotPQ\adobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1192

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBWK\optixsys.exe

    Filesize

    2.7MB

    MD5

    2d859e893907fba9fc9377cbd34585b9

    SHA1

    c795538aeb00339b72136e1ac34c4936b0a712a9

    SHA256

    c7bfb375a70154fe6abffc24f98655fad89b026d7cee100c9773aff625df29d3

    SHA512

    9fd5e7c1edffbf68a0a66d683949823f6ce69d4e28370440391ed8b5e2d65bf2268bf78145b29d423ffd4195bac6dfd58d95a11f9dbe0c273699ffc10e5da65d

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    0322a63e4a68359f03a6cdccaa5d20be

    SHA1

    06d54299096a27fdac476e8174d4e9458314dcb6

    SHA256

    0a1ccd4385aff13bdb55f559ca59906433f2e4f1894b256097fb832f6adf684e

    SHA512

    df61409332797698ec0e01e57635c5f29a0c9c8d680dd7a1ea6ec732ab7d8c9796ac01f9b957e784ddf6852b4241784060b27a344d8f20915484ca0a0cbaa46a

  • \UserDotPQ\adobsys.exe

    Filesize

    2.7MB

    MD5

    069299f0170bc0275bb66e113207891e

    SHA1

    045de87cac7b59445aceda3fa8c3c736e454c5e5

    SHA256

    c4a0a62b905108a8e94404664cecdf2ad40d59a69186af1abd07a791e289636a

    SHA512

    ef0199c3a983114757dcac850c2077649a4580b07f38cef003b89f09c6a4b1296df81b00be97b5ceb22a8f313f00e3e98a18cb95c2e3a34b0c59626711453ec1
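The dropped-file hashes above are the actionable IoCs from this run: the initial executable writes two further 2.7MB executables (optixsys.exe and adobsys.exe, each with a different hash, so a single-hash rule will miss the siblings) plus a small .ini whose name appears to embed the NT version (6.1 is Windows 7) and the sandbox user name, so that file name will differ on other hosts. The following is an added example, not tria.ge's code: a stand-alone Python hash matcher that carries the three dropped-file digests from this report and sweeps a directory for them. It prefers SHA256 and only falls back to SHA1 or MD5 when no stronger digest is available, and it never lets a weaker digest override a SHA256 mismatch. The file it hashes in demo() is a constructed benign stand-in; no sample content is embedded.

```python
import hashlib
import io
import os
import tempfile
from typing import Dict, List, Optional, Tuple

# Dropped-file digests copied verbatim from the Downloads section of this report.
# Keys are the paths the sandbox recorded for each artifact.
IOCS: Dict[str, Dict[str, str]] = {
    r"C:\KaVBWK\optixsys.exe": {
        "md5": "2d859e893907fba9fc9377cbd34585b9",
        "sha1": "c795538aeb00339b72136e1ac34c4936b0a712a9",
        "sha256": "c7bfb375a70154fe6abffc24f98655fad89b026d7cee100c9773aff625df29d3",
    },
    r"\UserDotPQ\adobsys.exe": {
        "md5": "069299f0170bc0275bb66e113207891e",
        "sha1": "045de87cac7b59445aceda3fa8c3c736e454c5e5",
        "sha256": "c4a0a62b905108a8e94404664cecdf2ad40d59a69186af1abd07a791e289636a",
    },
    r"C:\Users\Admin\253086396416_6.1_Admin.ini": {
        "md5": "0322a63e4a68359f03a6cdccaa5d20be",
        "sha1": "06d54299096a27fdac476e8174d4e9458314dcb6",
        "sha256": "0a1ccd4385aff13bdb55f559ca59906433f2e4f1894b256097fb832f6adf684e",
    },
}

# Weakest to strongest; matching iterates this in reverse.
ALGOS = ("md5", "sha1", "sha256")


def hash_stream(fh, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute md5/sha1/sha256 of a binary stream in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return hash_stream(fh)


def classify_digests(digests: Dict[str, str]) -> Optional[str]:
    """Return the IoC name matching the given digests, or None.

    For each IoC, compare only on the strongest algorithm the caller supplied.
    A mismatch on that algorithm is final: a weaker digest must not rescue it,
    since MD5/SHA1 collisions are practical and SHA256 is the authoritative value.
    """
    for name, known in IOCS.items():
        for algo in reversed(ALGOS):
            got = digests.get(algo)
            if got is None:
                continue
            if got.lower() == known[algo]:
                return name
            break  # strongest available digest disagreed; try the next IoC
    return None


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Hash every regular file under root; return (path, ioc_name, sha256) hits."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished between listing and open
            ioc = classify_digests(digests)
            if ioc is not None:
                hits.append((path, ioc, digests["sha256"]))
    return hits


def demo() -> List[Tuple[str, str, str]]:
    # Constructed input: one benign file in a temp dir, so this yields no hits.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "benign.bin"), "wb") as fh:
            fh.write(b"hello")
        return scan_tree(tmp)


if __name__ == "__main__":
    print(demo())
```

Point scan_tree at a mounted disk image or a collected triage bundle; anything it returns is a byte-exact copy of one of this run's dropped files. Because the dropped executables carry distinct hashes, expect further variants to miss this list; the SSDEEP value in the General section is the better pivot for near-duplicates.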