Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:08

General

  • Target
    eb45bf5333ca91c8e6c98edaeb6125afbcd77f1d5b53acfcc47d8b879fb5c17a.exe
  • Size
    2.7MB
  • MD5
    7db07e8c99f3838ad96f8ab1758c60f6
  • SHA1
    a2fea07e6a736e34054570fba9b9e9a6b13ec1d8
  • SHA256
    eb45bf5333ca91c8e6c98edaeb6125afbcd77f1d5b53acfcc47d8b879fb5c17a
  • SHA512
    85ec3b8bab2de91089412bc9c3617661d97426a3ea3148e761e95ec8249c8dfba15a229625e8b49847c95dd1a0da273c681b3e6e9d35084e75c8b0cfac6a970e
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBC9w4Sx:+R0pI/IQlUoMPdmpSpE4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb45bf5333ca91c8e6c98edaeb6125afbcd77f1d5b53acfcc47d8b879fb5c17a.exe
    "C:\Users\Admin\AppData\Local\Temp\eb45bf5333ca91c8e6c98edaeb6125afbcd77f1d5b53acfcc47d8b879fb5c17a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\AdobeGT\devoptiloc.exe
      C:\AdobeGT\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeGT\devoptiloc.exe
    Filesize: 2.7MB
    MD5: 59eb3fed271fbd0eb25fdf1362e4fbb5
    SHA1: 2b2a66a0f396d2a546793491078dfb6383fab068
    SHA256: e6cb333b020c0873557167ed6dcef3d89d7b375eb5bcbd0747070e1778b558b0
    SHA512: 2c6ca7dfde9b86b86ba5942fbdf30bc3c12c3b4eabdf684e89bf1c1189f65427d308090772e9b022fcab0b7b5278213b7edad1519bf2da23f57da310d8f062c2

  • C:\LabZXW\dobaec.exe
    Filesize: 2.7MB
    MD5: a44b83b2c2beec977db594f72adea086
    SHA1: 370b1f5317492d9c9f2762100ceb864f079fac39
    SHA256: 159cd213b88501eed92831221870240b7401eb45e805d25bb736d1c71559155d
    SHA512: edcb01a43cb38e9cd6d71503718d95f028db3e2bb545df3a5113e508270e9674f6f909a2380b022ea67ef5dd7c01d1a989a953f1fc284d7f5943c160f1da0c3e

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 203B
    MD5: 792b4846925291527a24399da0972b1c
    SHA1: 0a0342b83caafd14f1208e7b101a6d109ac050ca
    SHA256: ca4046b6fb9f80ffbc2d7386c382f0cd437159e0a398f0ea0bd14af21f878aec
    SHA512: 96896b97baf99655174cacad9137e0310ec5b8fdec9b991c02c9eac23bb85a4960e2c7cadde5b5f5ef36d54e1d7e109ae805bd9250beed8787875010dff09d10