Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 18:21

General

  • Target

    06dc2ddabdae4c677584a0eaf66d170f72ca1602dfd848c7cad1c9b49b26ea0a.exe

  • Size

    2.7MB

  • MD5

    ae4f41f528127db20287c06d8e6d2110

  • SHA1

    93760a009932117fcfba6ea8d24737b7a84c4bc3

  • SHA256

    06dc2ddabdae4c677584a0eaf66d170f72ca1602dfd848c7cad1c9b49b26ea0a

  • SHA512

    11109850992de51496d92f7dc824605fd19941c3129f4e8d46a17f870720ca5423425eb48689c02418fa4277fda82ea4e1d9a4a7d64e9c97735a5794ad8a7250

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpg4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06dc2ddabdae4c677584a0eaf66d170f72ca1602dfd848c7cad1c9b49b26ea0a.exe
    "C:\Users\Admin\AppData\Local\Temp\06dc2ddabdae4c677584a0eaf66d170f72ca1602dfd848c7cad1c9b49b26ea0a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\FilesUC\devdobsys.exe
      C:\FilesUC\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:576

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBTA\optiasys.exe

    Filesize

    2.7MB

    MD5

    2b5fbab626b31426918b3c2fc811b71c

    SHA1

    37dd7edff3c639a64c17b5639afab9c5b0aa0dfe

    SHA256

    12f59ec79214dc6e5003c11325d55f74f34ce1b3c54c5b53cd02ece73de093cd

    SHA512

    05a2fe5fbc3c18aa1efdb1fa7569e2cc8b41ee982d4724a9e1c86ba2adfb255693ef7d4038206cae9b9e48adacdc965675cee3f6e567b7660da30019f45c64f1

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    c09fe4f92d9094db40c409ad8ea4d5c6

    SHA1

    f0e7e2f3c52c671d4c95cffeaa09c6e06f351a79

    SHA256

    53fc0e3298f3382673f2b6eb85d4a2143a933f7afcbff585e6e5dee610d78107

    SHA512

    87657a9252d914ce06b74191d5577cc8e71def1ffed39c1fa479518589ac8f1b918f6d5ad36235f56a86d6a3a160ea9f24a70e626ba5df82e312766fc088c4e3

  • \FilesUC\devdobsys.exe

    Filesize

    2.7MB

    MD5

    40df7f0943f8a84cd0b7761f9a5042c7

    SHA1

    95def12b2c7c5ea0b322dd796885ea6e1cb4df5c

    SHA256

    e04583497d287518a3fa96d3f20fe49f88128e4d7cfa19a0cb93ff70fdfb5b3a

    SHA512

    43f050d673fe8cc4c5b642825a696367d6d099ef8d7cf55942c44f0f1921abfdd220565afe7e632ca780e640fc46a828968acbf6c94f646afd0c2a10d213aab5