Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/09/2023, 19:25

General

  • Target

    f8fb3b40ac2505c27ceec7864cbe562b_JC.exe

  • Size

    4.1MB

  • MD5

    f8fb3b40ac2505c27ceec7864cbe562b

  • SHA1

    d59584e4879d876537885a297d32e41de944e066

  • SHA256

    eb5f6fe993832be79cd0275534819701642a02d3be300cc2adc2f90c9cfb4f60

  • SHA512

    44f989175a5e76183451acf3bcd9531cf125013362ae514dda8b671b4975a6a05a034f123b2ddb50a07cf8e2891bff95db4a9fd8bfef8ee909a049b7d1389741

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpj4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdms5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8fb3b40ac2505c27ceec7864cbe562b_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\f8fb3b40ac2505c27ceec7864cbe562b_JC.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\IntelprocFB\xdobsys.exe
      C:\IntelprocFB\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocFB\xdobsys.exe

    Filesize

    4.1MB

    MD5

    cfed6d0e9f7c8dfcb3c203f42c83edfe

    SHA1

    349628807ce7ea0d7aedc304d4cc5aa4c56136cd

    SHA256

    8b3db0ca22116c10d423ac65f66e1ab20e167dfccea6f79f91dff501147b5834

    SHA512

    69d9aab54e10cee7aa0175689d275c0690b816180ed4245e340e76df66addde4f84b20b1cdb84d747718ab4bf66b91c1e0f488dd5f000aa5da604e47b9b70d38

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    30aa0fb6dc72ec9d2c9cbef64f0baf47

    SHA1

    bd07c593f094b14f4aeeb6a2da67d93b8533778d

    SHA256

    cc4e68b2ac52bd6af25ad5476ce3819583e37c0bdfbcec273046547650b73048

    SHA512

    970b540245f3995611338914df87f97fe7ad9b93921728586af6e174978f2a61291ef13268a53298f4a676f712b84f81b9a8e5a52f4623e8d39836d7a4979a9b

  • C:\VidAQ\dobdevloc.exe

    Filesize

    4.1MB

    MD5

    0e2295822da494682ef876c798ccb1ad

    SHA1

    5e6e2305358685b1a6ef2e8e5d3c0b613330cf9c

    SHA256

    e7d4aa16c1fb90716d7805a0651919260095df6b9d1bcb97142e938e9290620b

    SHA512

    882475d049696f5ac69620a3d07c78d76bcbaa862962e8eb1ce17c5649871d44e2c71b2c68160edbd0e66cdffba38a4718189b5c2fc366ab6d040a37d7934da0