
Analysis

  • max time kernel: 149s
  • max time network: 101s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03/06/2024, 05:13

General

  • Target

    ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe

  • Size

    2.7MB

  • MD5

    7b8c8a7f8972241cff615761c9d9400f

  • SHA1

    995057155666f49ce18e6bcb8ad75515b1d8835f

  • SHA256

    ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b

  • SHA512

    198cf1d1f92cb7addfdd7f2c17a37a0c2974e370f6a1bc95df8d11256cbb3d75e19b68b65116e2261a17e5e1014d616078bb3a0172955fb19453764e9df516b4

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB39w4Sx:+R0pI/IQlUoMPdmpSpz4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7f73563d36f1bd9ee1e717fe90a6b75d4219cde3c0cc6b99a2642c693caa6b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\SysDrvHS\devdobec.exe
      C:\SysDrvHS\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4396

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\SysDrvHS\devdobec.exe

    Filesize

    2.7MB

    MD5

    f74389575c4eed1c471a17841b51ad31

    SHA1

    ee467886bfa460514ceaadd33e72051b1058e5a0

    SHA256

    dba1437593c1fd22de36778d883a737b2e84a9951f04589feaaf229ef401dd19

    SHA512

    53d7f9b05188afbc3c82f2e4b339dcf60b39dda9bfa85cb30e52e7aa8df6649fca5e9b8cf8bad0821075e95aa6b024c8698df0272b4eaaba72bb7da91544038b

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    202B

    MD5

    b21e278ea1ba78aea980ffac5f8ffa9e

    SHA1

    299369214c54889198ccf4a6a5c72b4f1811013f

    SHA256

    6c733dbafb0d5be7ef30bcce726fe85250607793e9af5bbc6ba4a3ec74e1a4ba

    SHA512

    94117ae44b15f4dc1d04fe43fa065eb2ee452f69d05190be83ba208f460560a2e6c3328469eb22faa55c2a9d335934e638d256abc2e96be03b10b566da3f36ed

  • C:\VidGZ\dobdevec.exe

    Filesize

    2.7MB

    MD5

    9f61b04e3af530bf9f20f0e915752159

    SHA1

    f64fdcb33ca322cea86607e49a769122e9c984a7

    SHA256

    e1020fd9c8cd38e2548141fd3131bc58c5332d84cd6bdb0aeeb814a382581c4b

    SHA512

    4a01b24e965bd70c101ac9780aa82cb91cd31daef98cfd498a65373a6da3324ff6fcf539d57777528e291781cd83c7bd8e9704ff6c5c567c5e390285c5103e7c