Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

19c6c23602...54.exe

windows7-x64

7

19c6c23602...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54.exe

  • Size

    3.5MB

  • MD5

    3ca78b4470ad81124f5a46b182f843de

  • SHA1

    9a34af988758d6bfd26f656437ece55936a2abaf

  • SHA256

    19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54

  • SHA512

    cdd11b4c71d0c19baaae52f3b08c4a80a0aa240914415d7f8a04974c5a4f57c6c22e6fe6847ec2a79678ea0ad4d3c90216da19d1c8cac828c2075d7acfe5d62a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4SLDtnkgXL35xZzlPBq4Ow:+R0pI/IQlUoMPdmpSpj4ADtnkgvNWlw

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54.exe
    "C:\Users\Admin\AppData\Local\Temp\19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\AdobePT\adobsys.exe
      C:\AdobePT\adobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint33\dobdevec.exe
    Filesize

    3.5MB

    MD5

    25de4bb5de7b8087834b9868b6925d79

    SHA1

    35c8dca21b5c3e762164faa6527d2a55c13e063f

    SHA256

    f70b9316c4d5fe782860b1b7ab6e52453012a09149fb36ecccef26f8dd4b4d2b

    SHA512

    31225a4574fb6879148bbc3c635e21de836c9a1eda48285b7b5930751e8f8f0f32ba0b911dc87e2fbdaf3f5b6c896c56dee7ae74455506d37e9050883fbbe777

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    f544242d5b84935a682a63567f233abe

    SHA1

    9b88a451b599741e0d6e11362a43046632d3de49

    SHA256

    675114dac4aafd47a0c4f28f4cd2e77323791fe4ee16525872b4f94ad4052ed4

    SHA512

    db8b21e426951c7fc18e1c058de383db53097f7d085d370831b183d240e96b8b3dc20740f8647c5e4ee8d8432b9528a0a2c08dbaf3a7e47fea061ba9b0187a6b

    Download Submit

  • \AdobePT\adobsys.exe
    Filesize

    3.5MB

    MD5

    c203c71926fdab9bca8fd8f05d4101f5

    SHA1

    bd6aefbf588ee1462d299fb43bdfadcecc7fd3a3

    SHA256

    1a958842cebafe925f9bc9600dd8df7a2ffee5cf6e12eed118e174dcab67594d

    SHA512

    c0f4398d5918adeb4a22802843ed955ad38fe60d5b3c21c30157b65fe9e891f7b128f3f9e401fa4c02a5dc042171ca67ea7744a940e431dfc74e64f489c4f361

    Download Submit