Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

675e50b9ed...4a.exe

windows7-x64

7

675e50b9ed...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    675e50b9ed85d5d50ea049c1656019a6b330721f96712451a2d958160d485f4a.exe

  • Size

    2.7MB

  • MD5

    1801d4591c59ed5bdd2fb55fd9c98a2c

  • SHA1

    75b238a35cd66af0b43cc12230ff9f51aa6fc233

  • SHA256

    675e50b9ed85d5d50ea049c1656019a6b330721f96712451a2d958160d485f4a

  • SHA512

    4ebd462c516008164fda6e7954d39d70ac5395077dd4c776de067a13273c8d2049c4eb0330204e6d3a80155083a0d9bca8b1e638ceed0f056b16cc96f2e510f3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBl9w4Sx:+R0pI/IQlUoMPdmpSpl4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\675e50b9ed85d5d50ea049c1656019a6b330721f96712451a2d958160d485f4a.exe
    "C:\Users\Admin\AppData\Local\Temp\675e50b9ed85d5d50ea049c1656019a6b330721f96712451a2d958160d485f4a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\SysDrvYZ\devbodloc.exe
      C:\SysDrvYZ\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxX4\bodxec.exe
    Filesize

    4KB

    MD5

    15bc8e44efd5dc6751d7150cab1d8ad4

    SHA1

    a3a2438dd7ac72ab088f86260be2c7d0ab4b1336

    SHA256

    2085839491b628df2843cc336cf9e458da2fdf12d0b4275895af373778c5ae0a

    SHA512

    29eee9d4b6190bfa83b0b31b13b5defc8cb25ba13fc85718246983e0da1e75498cabce2753c579f851efbbe444cc3f360f3c4a3d72a4854cfbc715c220e2cd17

    Download Submit

  • C:\GalaxX4\bodxec.exe
    Filesize

    2.7MB

    MD5

    c5aa0d7e2743dcfd2fa4bb648a8f65ce

    SHA1

    5f7f6756f17cf6e286139d5268c251b3da554b37

    SHA256

    55c74da27ed20739d7dbf1447987bc4c57ad9c6d571bac60e9062fa0329064ad

    SHA512

    ce8b7abd75187862a95c88555d109a7713410750c6a7900f7a54e745f5bceb1d89414b663a72bd377fd8f4e0aa822e37db37c1c72275a70700be49375bb0e156

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    21f6c1f6f0eb752b5713eca11e0f501c

    SHA1

    7ea227106e4e1818845d7e2b6c5c8a8239a70801

    SHA256

    fa2213f092ce67346efae4528bf60bd167ace1768b67a9f8a1ae17f4781d89b1

    SHA512

    d37a3455aacccb794a5594ad71318d93cbd49c2e47ec2c44d6220e0f72645624c7a06e72be9efed2645add9e3991ebdb346c7a7a6cac94a0e34027e218076068

    Download Submit

  • \SysDrvYZ\devbodloc.exe
    Filesize

    2.7MB

    MD5

    5294e5b6f6a92f0c414e1a70c85c2688

    SHA1

    b8a0ffd9cadc843737c1b316889bdc3e62835be4

    SHA256

    1ccc316df3463b4f4e965b73ae0825c481e17f66f0ad7f3e0e0349577763a837

    SHA512

    62ab1837fa2e500c77b8dc2e1df9f14e28f2c13219f25e3aa9eafbcebc301f97f6a3fef4ce507b844399a282eb4b568406a06cab33825be6d71069e901397112

    Download Submit