Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f33c2afa2d...0N.exe

windows7-x64

7

f33c2afa2d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f33c2afa2d45c5784439c61a7d9009f0N.exe

  • Size

    2.7MB

  • MD5

    f33c2afa2d45c5784439c61a7d9009f0

  • SHA1

    273be5be75d780b58097edf35d3bd0610309c476

  • SHA256

    a087c86a90741d6de9a7bba11f97fcbc81a7c5f76561a3960bdfcce02c44c516

  • SHA512

    da24ec5efaf02788c44121fe676dfa1e833c0c4ee8ad0f6023f1d7f807f91d1bb585e930a523111c0ba311319d9a817bfc11067d34ba657884177bfd85e00d68

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpO4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f33c2afa2d45c5784439c61a7d9009f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f33c2afa2d45c5784439c61a7d9009f0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Adobe8U\devoptisys.exe
      C:\Adobe8U\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintZ1\dobxloc.exe
    Filesize

    2.7MB

    MD5

    9054f54ad43c20ebd31774ee1b5f302e

    SHA1

    05603066bc73899bd64392371bed3256728ccc22

    SHA256

    fa2f7491c818dd0660e4ddb385356c611a7f3c42f3e37fc287fe9cc2fa495995

    SHA512

    bae21aad30d7a1726c6f049cb696d0fce710dbd0ed2fc272fc2ef6a1e8be77bf35f0b7c429af6099a7a5c445d06cc4830297d6024dbacbd908aa32c0b87394c0

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    b1c5a3e6b018383019cca59ebe333afd

    SHA1

    27f4f3f8cc56aa2d4d95ee491d28f5903ce8cf3a

    SHA256

    abf16a2cd50df2c2c46b27095b977dbf406ce7bc559b1eb7154f69e441f023a5

    SHA512

    818c3abe0beb766efd3918614faf94cfda1267bd8229370e230b0ffc8bd0b0db5117d63c6208a83221b080c95d704f8db2f85f831f2d9fad38d9d1c8899aebad

    Download Submit

  • \Adobe8U\devoptisys.exe
    Filesize

    2.7MB

    MD5

    c9b460fdcae13f6db860d390af7b2a6e

    SHA1

    2e065965fb1a5c45057d12014e2390b68021f219

    SHA256

    84b1dd0558f8e0478e3e4f553cf960c651e156d332aa027cf059c79573da0ffd

    SHA512

    6d7214432638eadb932a2b2cb86860923d4f1a3cc9896f85f0ff3916b93d5f1d3703a4ad6cbadb7fa87adb11bc86913e853c15c95ddf5c9a627a06f5f1a2cb7d

    Download Submit