Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

af89226bdf...0N.exe

windows7-x64

7

af89226bdf...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af89226bdf1edff747196fe8aab4eef0N.exe

  • Size

    2.7MB

  • MD5

    af89226bdf1edff747196fe8aab4eef0

  • SHA1

    5bea1fc061f4a3d6703ebbacc1b2619e0dd8bc77

  • SHA256

    3caac343f90a0b15048847dd1a04b09b1d6b9d2b1a57764fe63c4aa433fd5698

  • SHA512

    7ca724a17672b7e1403ee0385b08a6cffe0627c21b61fff2d3d53eba36e6f661e8c3cddbe917afe7a702d0f6ab1a6982f4d91c1acaa8b0f26210d49c51149ffb

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSpo4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af89226bdf1edff747196fe8aab4eef0N.exe
    "C:\Users\Admin\AppData\Local\Temp\af89226bdf1edff747196fe8aab4eef0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\IntelprocUF\abodec.exe
      C:\IntelprocUF\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintH8\optidevloc.exe
    Filesize

    2.7MB

    MD5

    c0235c921b7fb19d45d916d40544e638

    SHA1

    efaa162d9e3c2ddfa90c1fc2abf793e6c9bafc71

    SHA256

    211e6b5371782127d9e65d5b79cc21b3db1512fc0b40dea49d6605f243b8445f

    SHA512

    86f0c0a47eda0e0bd4179de200bbf510f965d025ec59c50926863093d1cc06ff0a39a6567f34e6ddad41b0ad7183a078a71bb21718fb238657a0457573036517

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    89ff5c388555c7e4f6febeda62822b3d

    SHA1

    489683a07481d40346f09b3ae5acb3f8d95dfcf9

    SHA256

    c577543638741796c47cc6aed528f830cfc20e0ff5572725ccfebf8e97088229

    SHA512

    e377ee8d5a888e27bb8414acc4ba7ff458a001fbceac54d3fa83f370f6469a0660a8c4d95d76e0cd93fed9b152717723abcbea43995b3f1ae05b7ab60fef9354

    Download Submit

  • \IntelprocUF\abodec.exe
    Filesize

    2.7MB

    MD5

    65f7d3574cd0a228b4d78b0cc0c69841

    SHA1

    253a9a144bbfeec3c4bc87b37856332efdf557b4

    SHA256

    e4b0957c609865cab63ff1028c0d869844ef3cf6d87dae1e9a193125d2bae466

    SHA512

    d1f6ff0c15605ea025865f5d5074d59d6c609966a7772d2f1866ca7ee82e8a1187387648721643a358113ea286f2b3c45ec02777113fa44fddd8d930f024fc47

    Download Submit