Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

202f168f1e...8N.exe

windows7-x64

7

202f168f1e...8N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2024, 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8N.exe

  • Size

    3.1MB

  • MD5

    39d743a6e9080e0f26f4fbf9ee06b460

  • SHA1

    247b3fc2b04316c59c33283a3ea125cccb057035

  • SHA256

    202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8

  • SHA512

    1a5bc31d38c1ceaaaae463d6ed180008f1e24f7c25104ce5dc94083ee367b37039544167a99b885b686c34494218e002e555106115e2b0f791d1f423f52c5811

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Su+LNfej:+R0pI/IQlUoMPdmpSpe4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8N.exe
    "C:\Users\Admin\AppData\Local\Temp\202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3796
    • C:\UserDotCE\devoptiloc.exe
      C:\UserDotCE\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\UserDotCE\devoptiloc.exe
    Filesize

    3.1MB

    MD5

    51d2c26656ffd7bf907f8fdd04329141

    SHA1

    a88ba59900d15bf2566a98630db66e8920b2dac8

    SHA256

    60ebae52d08b6e9169b1879d4a0d5ad905bf7494c6c2c6cbd563c438cda680a5

    SHA512

    af730ba04c35f969d53bdff84064d6cb439d44fcdc38bcc18fb72299eef4360f250ae58f984cf2eac57180ab5ab865d4ed6a81a9300746e01d42b2ea70630a29

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    bb6714514198c55710240a5680798902

    SHA1

    87f5948c9d16cb81244d55bd53f22cad9741946f

    SHA256

    420a7611b1c5754b49d4321fa7a061fee684104d68081704e496606600ebf670

    SHA512

    dade15fd0b82287eb85f1bbca8baf0186dbfd78af50439421e79b055ac505688cfdd2e69e7ea91a6c03b63454fe6b6613d2e581e641fe65dc0279793a4ba89a8

    Download Submit

  • C:\VidZP\optiaec.exe
    Filesize

    43KB

    MD5

    10a05de4bab5630dc03c6a5d68d7891f

    SHA1

    2e9542ffc8285b675b754af62204f7e14126c7d2

    SHA256

    948d46e84ae93308ea40755741fc2ef51f88044cf9e2f3fe679c8d2a3fec6181

    SHA512

    94ba396668dcf1002109a6d73dfef2f57cdc032970bfb6b2882cb0bb49a99e845ad65d4ba33a5ad97292ace848b7761d7cefd96ce6e10a8bbfc671322c480f1d

    Download Submit

  • C:\VidZP\optiaec.exe
    Filesize

    3.1MB

    MD5

    d15d560c7eb1fbe4e4902124c9aa6f44

    SHA1

    9c0e8e6cf84ab979ec7c07acca0d1db7361c93b0

    SHA256

    e306f4726a92918cf488ea1249f014b713257b559666e67399854899693e627d

    SHA512

    e2d645839e1661456f5417517571d947f7a5d8fb0439041d333c1bd3a4f6ecb13ed5159f72feae43afa65f85f7f24edf279e91c5758a0bc3db4ec1460b7a578f

    Download Submit