Analysis
- max time kernel: 151s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 12/10/2023, 19:11
Static task: static1
Behavioral task: behavioral1
- Sample: 90cedea672b29d7be5985dc58c146a98_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 90cedea672b29d7be5985dc58c146a98_JC.exe
- Resource: win10v2004-20230915-en
General
- Target: 90cedea672b29d7be5985dc58c146a98_JC.exe
- Size: 4.1MB
- MD5: 90cedea672b29d7be5985dc58c146a98
- SHA1: 5595668ff089b9cd693f8a9a80027b579d6c34f7
- SHA256: 54e37f2f47abe3223ef2bd7b52682a722ffe7d3332a92e2100d50af7524e1c65
- SHA512: caf3a55a30c7b7064d941e07cd38ad6aca880b2f041914e338a26e7248cc000270367a612164b8bc63468cce306c06d19bff186c1d04f09e1566ccfe1cad4ede
- SSDEEP: 98304:+R0pI/IQlUoMPdmpSpg4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm/5n9klRKN41v
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2748, Process adobsys.exe
- Loads dropped DLL (1 IoC)
  pid 2240, Process 90cedea672b29d7be5985dc58c146a98_JC.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxJE\\bodaloc.exe" (Process: 90cedea672b29d7be5985dc58c146a98_JC.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeQ4\\adobsys.exe" (Process: 90cedea672b29d7be5985dc58c146a98_JC.exe)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2240 wrote to memory of 2748 (pid 2240, Process 90cedea672b29d7be5985dc58c146a98_JC.exe, procid_target 28)
  PID 2240 wrote to memory of 2748 (pid 2240, Process 90cedea672b29d7be5985dc58c146a98_JC.exe, procid_target 28)
  PID 2240 wrote to memory of 2748 (pid 2240, Process 90cedea672b29d7be5985dc58c146a98_JC.exe, procid_target 28)
  PID 2240 wrote to memory of 2748 (pid 2240, Process 90cedea672b29d7be5985dc58c146a98_JC.exe, procid_target 28)
Processes
- C:\Users\Admin\AppData\Local\Temp\90cedea672b29d7be5985dc58c146a98_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\90cedea672b29d7be5985dc58c146a98_JC.exe"
  PID: 2240
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - Child: C:\AdobeQ4\adobsys.exe
    Command line: C:\AdobeQ4\adobsys.exe
    PID: 2748
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads