Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f33c2afa2d...0N.exe

windows7-x64

7

f33c2afa2d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f33c2afa2d45c5784439c61a7d9009f0N.exe

  • Size

    2.7MB

  • MD5

    f33c2afa2d45c5784439c61a7d9009f0

  • SHA1

    273be5be75d780b58097edf35d3bd0610309c476

  • SHA256

    a087c86a90741d6de9a7bba11f97fcbc81a7c5f76561a3960bdfcce02c44c516

  • SHA512

    da24ec5efaf02788c44121fe676dfa1e833c0c4ee8ad0f6023f1d7f807f91d1bb585e930a523111c0ba311319d9a817bfc11067d34ba657884177bfd85e00d68

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpO4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f33c2afa2d45c5784439c61a7d9009f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f33c2afa2d45c5784439c61a7d9009f0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\SysDrvQA\devdobec.exe
      C:\SysDrvQA\devdobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ7T\optiaec.exe
    Filesize

    1.7MB

    MD5

    e9b0ea5e415163b6a2131d739b6a749b

    SHA1

    304d7dc3ca0559ca63bae34f56dbc4b64a788973

    SHA256

    7e19314e87d3bddbf0549abb12177dbf22e570f9ec7d1666a74b5ca0b93e05aa

    SHA512

    a79db4529ff4df0d9ee0d9a3cf7c23728057c067de0b13226b34b1fbb4b8748585dc87fd7a2d3d9582e33d149535108b81febea88b84cbcc96afafe5c5389240

    Download Submit

  • C:\SysDrvQA\devdobec.exe
    Filesize

    2.7MB

    MD5

    422027edc8f406c2919a3b2ac3350134

    SHA1

    01e3440d8ed6d4e2dcf9710a128a527103f8bb0e

    SHA256

    b1078e23e3989ed1d6041e2f3c98d4c6b2ddfa5ea8ab0c3850e840ef9c567b60

    SHA512

    edf06be7ded3a8857504eeb076a306ba0b57c0b30ee5f955c1121e8311ea8b9edaffcbfd99d98944f5f39cfe89a0fe6000be2d4afb955ad890fadb430c129e20

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    17793016854aa85fddd9259baff35f27

    SHA1

    ae285e826cf8dabcd35a0ff431b6ae45f37c9742

    SHA256

    1c468b653a5f8c94ac7f36d56722c72f2455322faebdb14ee5d31c02240f7f9f

    SHA512

    eb389363fb5e6b731636c59c4ae7baef21c6ff0a65c21a769b728c35b1853b9cb26c6654060bb84ce1953298de6c66326602e65fe1c7e6b418264d2f6ae5592a

    Download Submit