Analysis

  • max time kernel
    162s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/10/2023, 19:11

General

  • Target

    90cedea672b29d7be5985dc58c146a98_JC.exe

  • Size

    4.1MB

  • MD5

    90cedea672b29d7be5985dc58c146a98

  • SHA1

    5595668ff089b9cd693f8a9a80027b579d6c34f7

  • SHA256

    54e37f2f47abe3223ef2bd7b52682a722ffe7d3332a92e2100d50af7524e1c65

  • SHA512

    caf3a55a30c7b7064d941e07cd38ad6aca880b2f041914e338a26e7248cc000270367a612164b8bc63468cce306c06d19bff186c1d04f09e1566ccfe1cad4ede

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpg4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm/5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\90cedea672b29d7be5985dc58c146a98_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\90cedea672b29d7be5985dc58c146a98_JC.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\FilesJX\adobsys.exe
      C:\FilesJX\adobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1752

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesJX\adobsys.exe

    Filesize

    4.1MB

    MD5

    5a8670e3d3b0e5d52504e31494a7048d

    SHA1

    16d3f242c0d5ee7625e09f56b35cc66296a4251d

    SHA256

    0eea4b5f249b6c89defec40b62801f259e28e31d02ba3f3424ea5addb926447b

    SHA512

    dbdab2f87aa9b136e2aadc15398b7759572c32a0f118d687325c789da2dba17a22a4f416ecf9eaa19bd9184105f625f32877bf234855628565c528ae661cedbf

  • C:\MintHA\optixec.exe

    Filesize

    26KB

    MD5

    330c39a797179896c2a57f4aacc8ef39

    SHA1

    7497e25a85140aca503e15106ea723c0220b8be7

    SHA256

    9d3759178c13c81d84e435ead38786dc56f94049dc4c8ee1ccadbd1dd864989f

    SHA512

    e62396bed629eee1fbdb1e9cadbdeb1d1ce99d0912af916e8fc0249ca813785f2241a69e5b0f69df0d968c0a3c93a1f2784f9cabc1c6285a8d11a353b9feefd8

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    9b83eebb4a56509faacaf03c21186626

    SHA1

    80d0d0745e250b52d53f918f032a5b0908bdd993

    SHA256

    9c14c870607201cc702cefcc01a3b0e3d874b6e646f7f28ecff7c9d5245d91df

    SHA512

    18fdd88b503ac53a2ab6addf265764b33d1b91e414535df51134103f58b5acaa018aa9d8de734178ced47e275eefc50ad7ac0cfcb21c346fb149c16f7c6af479