Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6058ce6c14...0N.exe

windows7-x64

7

6058ce6c14...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    15s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6058ce6c1477c1d907a1f92788c0a020N.exe

  • Size

    4.1MB

  • MD5

    6058ce6c1477c1d907a1f92788c0a020

  • SHA1

    d4f6bf17cbe98ce4055f1a8adda914c2de4fd317

  • SHA256

    96eb97dae45a557ab485a9544134bc88428f970ac68c81061ba5d6452b15e6dd

  • SHA512

    7285e3f7c6a9ee68ff23404c1a01bb03c5c7d354dff57fcd1d78493056076e12bfde492a814490cef5813ed245a9491ecc432a8a4e63a02aa30ee9426adf70a7

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpN4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmi5n9klRKN41v

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6058ce6c1477c1d907a1f92788c0a020N.exe
    "C:\Users\Admin\AppData\Local\Temp\6058ce6c1477c1d907a1f92788c0a020N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\FilesPF\aoptiec.exe
      C:\FilesPF\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVB25\optiaec.exe
    Filesize

    4.1MB

    MD5

    8903d20955677e6ab63c2ec718864d68

    SHA1

    46b286a865dd6a26faa55801ef4d06f1c577f741

    SHA256

    11748175bfbe606c9904015f29352d2dbeb3e6bb8822c82cb1ee041fa3bf6488

    SHA512

    bf747dab0eb10bdc3476d5262df7477bb632b35f7e48ae6515f323931763f1b6158595c2f7bc24674d0433528873bba16e08763ce9f9453e9cc500bea70bf529

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    4db66b8ca87296123c81ebee1520b4bc

    SHA1

    2321b349e62f3a57fa4c35f5dfdee591c9a00fe8

    SHA256

    39813f7febd95499144cdb002f1ca8c9e408a791812ddb81671390352a5f0487

    SHA512

    7aa8ebc54be66f354d4bc55a48b8fbc8136dc0bdf0614971bffbf34fee62e061087e24c8e0dde61a4dfbfd1f121f84aebf716470fa99a056e416d53d0579af7a

    Download Submit

  • \FilesPF\aoptiec.exe
    Filesize

    4.1MB

    MD5

    fa6ab124af706271a4cf08e17e6e3c6c

    SHA1

    ab6234e9906302db0f76a221fcb697f80fd9c8b9

    SHA256

    96bdaed77b73803f505b6e4debe1cbe999a1b45ccbf8702a40540707393009c2

    SHA512

    ff96cd3f20493949543ea250a06773c8fd3d441912e126f2812d37382b92b6399dcdb64cabf61494058e3fa09d06fd108a743270b10ee82aeeccbbea44d0de20

    Download Submit