Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:07

General

  • Target

    eaf61d95ac62fec0bb3923fd92f449442fac8cbb00c922793cfef7813a1e22a6.exe

  • Size

    4.1MB

  • MD5

    7a02eff6c96018d0b403bb84741dd38d

  • SHA1

    06f73c13cefbf78d08d59fa800c8bbeda3d92202

  • SHA256

    eaf61d95ac62fec0bb3923fd92f449442fac8cbb00c922793cfef7813a1e22a6

  • SHA512

    75e318e9119f3ad5792eb9c52c29938b9c7502cc2bed678dfb77b0a05974dcd78d676453ca21e42733f9a050645df397cf03a1c113485ee84cb44e7881a3eef8

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpa4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm15n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eaf61d95ac62fec0bb3923fd92f449442fac8cbb00c922793cfef7813a1e22a6.exe
    "C:\Users\Admin\AppData\Local\Temp\eaf61d95ac62fec0bb3923fd92f449442fac8cbb00c922793cfef7813a1e22a6.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\SysDrvO6\xbodloc.exe
      C:\SysDrvO6\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax0H\dobxec.exe

    Filesize

    4.1MB

    MD5

    10221354190c139f5f2950d770b1cf45

    SHA1

    4a2fda41f07174e0647aa6e046e9854248c4367c

    SHA256

    355ec8cd3e5dca21d653cd2ae31c0d40a42f9ab2810a99da055f84e3337d46fd

    SHA512

    e0a8f617f144145711c63a735e033f3db1dc25b931be067301a398b2de48a388cebfc5097272043f4a533d616da8c063ba020e4b9f45a1aededa7738afec15a9

  • C:\SysDrvO6\xbodloc.exe

    Filesize

    4.1MB

    MD5

    94ef11005cfa5d02b338df0aee6be356

    SHA1

    8563867aa40c92b72039cac30ee5abe92f250c9f

    SHA256

    2a3a329f666e421c0db731354eb20b2bb81aa61df9edc230f83591ec646fdd7f

    SHA512

    aef82353c46986d2446e6371c7c04fcc558c0cc233b28ef185f1d93f73be1a274a761d1367d4be10046932c0fa07a21b0186b5e6493b44606c432ee1e78dd442

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    9faee3977a6196e4841f6ce85929fd16

    SHA1

    b567b588a17c580f3c69a05ca0be5eb4e676042f

    SHA256

    ab2bd698b544e17f7613c6db60eb3cde83d0f2565f06ac1e6f4c79f42fd16eda

    SHA512

    7aa37d600ee110b7fd7d833d065b83dc4965f069c60c1c8729ed707b2e76caceefb53e0ef6315f6ad3692222083659b6768f51f7c5b1df43b469eaa22596b0ba