Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

19c6c23602...54.exe

windows7-x64

7

19c6c23602...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54.exe

  • Size

    3.5MB

  • MD5

    3ca78b4470ad81124f5a46b182f843de

  • SHA1

    9a34af988758d6bfd26f656437ece55936a2abaf

  • SHA256

    19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54

  • SHA512

    cdd11b4c71d0c19baaae52f3b08c4a80a0aa240914415d7f8a04974c5a4f57c6c22e6fe6847ec2a79678ea0ad4d3c90216da19d1c8cac828c2075d7acfe5d62a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4SLDtnkgXL35xZzlPBq4Ow:+R0pI/IQlUoMPdmpSpj4ADtnkgvNWlw

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54.exe
    "C:\Users\Admin\AppData\Local\Temp\19c6c2360216a8202273b4e0b159c52eaa4028698d085d3477860effedb36d54.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\UserDotQD\xdobloc.exe
      C:\UserDotQD\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxBT\dobdevsys.exe
    Filesize

    87KB

    MD5

    5fc1f9f32cfb77cb9db101e35961ddb1

    SHA1

    5ebd1979f26a5d2549ebf75a125241e3e8424728

    SHA256

    091c739a335c593cc8f134193feadaff9d55db5695329aec1b532c475d41dafe

    SHA512

    1aef814c98ccc925feb3ddc6e74da742e8eb21a58fa6a79b76c203116cc24e98b2a77a2c95ea440c57a615d7886977c00b161cb56ea0fbb7872e87009f059699

    Download Submit

  • C:\UserDotQD\xdobloc.exe
    Filesize

    3.5MB

    MD5

    e993f220769f5e80c99ea09e7b80d088

    SHA1

    c80e8d6bb1452c8f4cc2ec9d910a5c21b3282f02

    SHA256

    3aa60f81e3204cd9527285d439c2a8e836d918029c49075f1121af62f4586d7c

    SHA512

    48e4aa73abb0024862a30da19e6a91d9b3eac1fc2a9c63310d4edd46d0f871ca2920d6c543b44ced18654adb09fa8dfcc7cd974c35518e58193fb4c872e0ec9d

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    d55613ef0eb295c887479f15f83b0330

    SHA1

    32f1206c279b44a49ed2724c5fe15491ed17bcf5

    SHA256

    6b6bb33648c45a1d49a09f7a0f0b10e2f882032a534b6fd76b8e13ca3ce08553

    SHA512

    9e4f2242a1abd63274a82ea07bf4d41b3a28442643c7a948e34d87d1e14283409695e0bdf5684b22f9b3c3dd07a5ba23009430a2a4a86567133450586599146d

    Download Submit