
Analysis

  • max time kernel
    152s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 21:40

General

  • Target

    4965536a83d73459af68ed5144f7c4c0df91fbacb2f4da637d3ecdadebdbfdcd.exe

  • Size

    2.7MB

  • MD5

    47d4ce76d326a7349fe8c8131200fb0a

  • SHA1

    fe8e9ddbb33eca682733bfd1057b879abe6b2854

  • SHA256

    4965536a83d73459af68ed5144f7c4c0df91fbacb2f4da637d3ecdadebdbfdcd

  • SHA512

    df7731483233c455593db27f98aff4276cc4db00884263b65bfb8301eea4bf36f581bd9dbbc6474638a802814cd339408e5595427f761c913aea5557f45d539f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Sx:+R0pI/IQlUoMPdmpSpx4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4965536a83d73459af68ed5144f7c4c0df91fbacb2f4da637d3ecdadebdbfdcd.exe
    "C:\Users\Admin\AppData\Local\Temp\4965536a83d73459af68ed5144f7c4c0df91fbacb2f4da637d3ecdadebdbfdcd.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\SysDrvD6\abodloc.exe
      C:\SysDrvD6\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2892

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    201B

    MD5

    226c6277b03301364a9a4155c75821d6

    SHA1

    0428b38aeb1ecda7e86e2848a4ce2eb23e6dae8c

    SHA256

    e1cedcc4fd7cadb1343972cbf7e2cd43c939d1ab5a85ec3d668b26ae3629e0e3

    SHA512

    02487f96d1ec2b529f3dda96e1f53bcb94802c6629f5963f52c9a1d906d05d45d09f8a94d94f8f9888b4e4e5c63b18457da8baf96f617a710b0d77a4ecff2e67

  • C:\Vid26\dobasys.exe

    Filesize

    2.7MB

    MD5

    10b933900a04856b7ab507ab1d5575c8

    SHA1

    9305ba42724a81dc6fe6f925917c55f74ba9796d

    SHA256

    a2d446c4e26f9d66d9d11fbdfcad462a43103da8ad9768683570777013a31ecd

    SHA512

    0bc191a3f45eb608c9484d178321821f7e4492bc776ba1f08aae9766e03f0ced0c5b1584d72fed448edb2a0b8b06861d5582f137c6bc12d16b012b395f9bd48c

  • \SysDrvD6\abodloc.exe

    Filesize

    2.7MB

    MD5

    db18315772175c2975cabe22854da8bd

    SHA1

    86540fed45c57defd944d9992b583d751b99d727

    SHA256

    3a2805ec2d00069cfc6d8434f5ac779f6da68018baa262a9877934ca7722528b

    SHA512

    121d39c71c7650021c1ccba80b59f9efaf7baee37dcaecfb92cabab92e1c62138b213d003eb4f94abc285fec4a8dbb44c5e17e2f36424909839e46ed07b4d5d1