Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5e8ea0ee96...47.exe

windows7-x64

7

5e8ea0ee96...47.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2024, 22:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e8ea0ee967245a7823b715a7483ef525eaed22498daf83fcb7229c9bcb36d47.exe

  • Size

    2.7MB

  • MD5

    328e17734d8135a5bc6019a75d1dc6e9

  • SHA1

    68a7039fd581266072dc7ba7a9a80d92ec96a56c

  • SHA256

    5e8ea0ee967245a7823b715a7483ef525eaed22498daf83fcb7229c9bcb36d47

  • SHA512

    659e5b5b5969f19a75888767eb4d08b1fa9e2ed1d06eed4d1436ca40ea40c0cf1a327f2e529549d1436e585d51528ecb2a26462acbd08859cf97bb82869e5769

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB49w4Sx:+R0pI/IQlUoMPdmpSpW4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e8ea0ee967245a7823b715a7483ef525eaed22498daf83fcb7229c9bcb36d47.exe
    "C:\Users\Admin\AppData\Local\Temp\5e8ea0ee967245a7823b715a7483ef525eaed22498daf83fcb7229c9bcb36d47.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\UserDotJR\xbodloc.exe
      C:\UserDotJR\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZJW\bodxec.exe
    Filesize

    2.7MB

    MD5

    a804fd7e120942ee989b56b0615464b8

    SHA1

    637cdcdeb8b06a3cd0636e3703df34818faa9d62

    SHA256

    35544c7696c3819e2c64a818557be2ba607025f0e3bcc3edbfc9feeb7fb473dd

    SHA512

    03ae667e50e86e4211b618efaa0e43c89e6e385cf6de8cb5de1e88ea1abcd3f21fa197619aabf02a6dc992cd16465466ea1188c68b19194ff9290a02894be59c

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    9822ae288b17a78ad7ff1bfdc79f2f12

    SHA1

    ee8e7c440163293dd8a81a73536744791d5496c0

    SHA256

    dcacf3d372819b94ea8c809e6442acdff0df10e57f2725dc85c443e8c4e42b68

    SHA512

    b1684b7c438267dca9163ab4fbad2aaa01895713e44c58ec47259980ff8cf3c5e043afd675dc2e9f4a4f44d5243ab8617e350504349ae2062d3db0e1d64a2e8f

    Download Submit

  • \UserDotJR\xbodloc.exe
    Filesize

    2.7MB

    MD5

    28636bfc9edbb3ce6d7323795679742b

    SHA1

    73582ebdf7694fa74f23a3389bec82d04b619835

    SHA256

    c4cd99ce96b48c7582f2cd7c3322c33f101015068329a21db74982d69946a87d

    SHA512

    0ec1f1b5cf31f70c25de00c616c6109a188857913433c2167a0f3b0bca4a75051153f731682bf8928764484b11ee54caec437b8a53d9c4d0671f57a5335aaa6a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.