
Analysis

  • max time kernel
    149s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/05/2024, 00:01

General

  • Target

    85bebaa2471175d73b91286c8870cdcd6b03aa2a80924a2c362d1497765cd852.exe

  • Size

    4.1MB

  • MD5

    fb7578361cb2052da97c195feb5a5232

  • SHA1

    39896d87576febc3924ffdd2be544644d4052b11

  • SHA256

    85bebaa2471175d73b91286c8870cdcd6b03aa2a80924a2c362d1497765cd852

  • SHA512

    b93dbfcda4f4c4ed49e2e81f219bee564a277e3c0fc464f17a4ff85991baea05e5dadcc0c76f7ce47acd4658994b16e5eb4f6b5f0b927fecaa394f32d3ffefde

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpO4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmF5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85bebaa2471175d73b91286c8870cdcd6b03aa2a80924a2c362d1497765cd852.exe
    "C:\Users\Admin\AppData\Local\Temp\85bebaa2471175d73b91286c8870cdcd6b03aa2a80924a2c362d1497765cd852.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4084
    • C:\SysDrvJ5\abodsys.exe
      C:\SysDrvJ5\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3476

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\GalaxC1\optixec.exe

    Filesize

    4.1MB

    MD5

    e12343c4320cdb66572016556f9d0c93

    SHA1

    04e949ad27c9c3bbf8e6938667907a7222d56f04

    SHA256

    71cc20708ec9dac79b5790c995e47b773591d1be32f5fc39a5955a1e4e44dcb8

    SHA512

    06994ccab0c055c2f1a5800d112fb5a916db8ad4d418eba9ab7b46cbbaeca4a7ea3c4e18389d27a21a989c864cce2bd8942e9b646405b5ccce9dd785c5e0760a

  • C:\SysDrvJ5\abodsys.exe

    Filesize

    4.1MB

    MD5

    2e75849e0fbde17a8524e01068c91201

    SHA1

    0a81519d1e0a05ab5595d7ed5eb6ed61749c9d59

    SHA256

    46dd9b56e02d7cb7ab3708fafb3fdf6226c0bdeea558cc559fec460dc2eb5f26

    SHA512

    b8b2602d98d54b597767198db719b3cb358880fbf678c26770611f30d7d142f53d910b3b5705c317897c37ee5f8cb36d59fc86df686489d2bd326336101b5e44

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    202B

    MD5

    6330e19cd09d7c7e82ad204d9587e42a

    SHA1

    b4619f4b6e67b932f32cc29c7bb58c5c2a8ff94a

    SHA256

    5bfe92b071f52cc4dbc437e3110d3b6f87a7cfe6d755c810e1eb77993bef0fb1

    SHA512

    f8167aef826e82549f7960f3bf52870dcebde68875a86d77c459962524b5df645e958579b7bc985c5bda0290ee252589f45d47b5790d764da88d9292896cb04a
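The process tree and the dropped-file list above describe one chain: the sample writes two 4.1MB executables into short, random-looking directories directly under the system drive (C:\SysDrvJ5\, C:\GalaxC1\), executes one of them, and registers a Run key. The following Python is an added triage helper, not part of the Triage report and not code from the sample: it matches the report's SHA-256 IOCs and runs a small behavioural check over Sysmon-style events. The event records are constructed to mirror the report; the Run value name (ExampleValue) and its data are assumptions, because the report records only that a Run key was added, not which key or value. The directory-name pattern (6 to 10 alphanumerics at the drive root) is generalised from the two paths in the report and is likewise an assumption.

```python
"""Added triage helper for the report above: match its hash IOCs and flag the
dropper chain (EXE dropped into a random root-level directory, executed, then
persisted via a Run key) over Sysmon-style events.  All events are constructed."""
import hashlib
import re

# SHA-256 values copied from the report (sample plus the two dropped EXEs).
REPORT_SHA256 = {
    "85bebaa2471175d73b91286c8870cdcd6b03aa2a80924a2c362d1497765cd852": "submitted sample",
    "71cc20708ec9dac79b5790c995e47b773591d1be32f5fc39a5955a1e4e44dcb8": r"C:\GalaxC1\optixec.exe",
    "46dd9b56e02d7cb7ab3708fafb3fdf6226c0bdeea558cc559fec460dc2eb5f26": r"C:\SysDrvJ5\abodsys.exe",
}

# Both dropped EXEs sit directly under the system drive in a short, random-looking
# directory (C:\SysDrvJ5\, C:\GalaxC1\).  The length bounds are an assumption
# generalised from those two paths, not something the report states.
ROOT_JUNK_EXE = re.compile(r"^[A-Za-z]:\\([A-Za-z0-9]{6,10})\\[A-Za-z0-9_]+\.exe$")
KNOWN_ROOT_DIRS = {"windows", "users", "programdata", "perflogs", "recovery"}
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_hash(sha256: str):
    """Return the report label for a known SHA-256, or None."""
    return REPORT_SHA256.get(sha256.lower())


def is_root_junk_exe(path: str) -> bool:
    """True for <drive>:\<6-10 alphanumerics>\<name>.exe outside the standard root dirs."""
    m = ROOT_JUNK_EXE.match(path)
    return bool(m) and m.group(1).lower() not in KNOWN_ROOT_DIRS


def analyse_events(events):
    """events: dicts carrying a Sysmon-like subset of fields:
         {"id": 11, "image": ..., "target": ...}                  FileCreate
         {"id": 1,  "image": ..., "parent_image": ...}            ProcessCreate
         {"id": 13, "image": ..., "target": ..., "details": ...}  RegistryEvent (value set)
       Returns (rule_name, evidence) tuples in event order."""
    findings = []
    dropped = set()   # lowercase paths of EXEs written into root-level junk dirs
    for ev in events:
        if ev["id"] == 11 and is_root_junk_exe(ev["target"]):
            dropped.add(ev["target"].lower())
            findings.append(("exe_dropped_in_root_dir", ev["target"]))
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            findings.append(("executes_dropped_exe",
                             f'{ev["parent_image"]} -> {ev["image"]}'))
        elif ev["id"] == 13 and RUN_KEY.search(ev["target"]):
            value = ev["details"].strip('"')   # Sysmon quotes paths containing spaces
            if value.lower() in dropped or is_root_junk_exe(value):
                findings.append(("run_key_for_dropped_exe",
                                 f'{ev["target"]} = {ev["details"]}'))
    return findings


# Constructed events mirroring the process tree and file list in the report.
# The Run value name and its data are assumptions: the report records that a
# Run key was added but does not show which key or value.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\85bebaa2471175d73b91286c8870cdcd6b03aa2a80924a2c362d1497765cd852.exe"
CONSTRUCTED_EVENTS = [
    {"id": 11, "image": SAMPLE, "target": r"C:\SysDrvJ5\abodsys.exe"},
    {"id": 11, "image": SAMPLE, "target": r"C:\GalaxC1\optixec.exe"},
    {"id": 11, "image": SAMPLE, "target": r"C:\Users\Admin\253086396416_10.0_Admin.ini"},
    {"id": 13, "image": SAMPLE,
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\ExampleValue",
     "details": r"C:\SysDrvJ5\abodsys.exe"},
    {"id": 1, "image": r"C:\SysDrvJ5\abodsys.exe", "parent_image": SAMPLE},
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for rule, evidence in analyse_events(CONSTRUCTED_EVENTS):
        print(f"{rule:26} {evidence}")
```

The hash lookup is exact-match only, so it catches these three files and nothing else; the behavioural rules are what carry over to re-packed builds. Expect is_root_junk_exe to fire on legitimate software that installs into a short directory at the drive root, so treat it as a correlation input (file create, then execution or Run key from the same directory) rather than a standalone alert, and extend KNOWN_ROOT_DIRS with whatever your own fleet has at C:\.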