Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:16

General

  • Target
    ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  • Size
    2.7MB
  • MD5
    b4e13f93f214655ff1e661ebc2997c9a
  • SHA1
    e7f33b9eece845d58db7fa0842aeca3e95b0a09b
  • SHA256
    ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c
  • SHA512
    00e40ebd1c81ef4c2eb3d4ef87d0e1afb701fc5dbeebac9fd115a8dce2db5178a6e9ca199dcd8143af11360e91c20a8552bc355becb8aa6f41be80a272ef12c5
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpe4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
    "C:\Users\Admin\AppData\Local\Temp\ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\FilesIF\abodec.exe
      C:\FilesIF\abodec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax1R\dobdevsys.exe
    Filesize
    2.7MB
    MD5
    0e9a73630321b5bb977e27cb12449946
    SHA1
    2ec6d328925b11d4e6d864d6dd5672c65e6adde4
    SHA256
    7b042361ca70eb4e70bdfbf4c0f93d1339869e80352a953fcdb23190771f3488
    SHA512
    596d70564ec86551f9cc83df320deecfae9df770cdff12d5da58e05c1e56e2b409f84813ade953c44abe6700e5da395a7e57739874d12cfc8f73a6749c5328f5

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    203B
    MD5
    14d071223a443c976b187fa5a0be80db
    SHA1
    dbf7e653aaf9057aa76fcee339490f6a7936c624
    SHA256
    0a594a605a45cbf5361c941a0418902dd1cccfa57e65bc293041b71ddfdfaa4b
    SHA512
    94d74c2625545d3af1cf6fce1759af9afdb3161d83821690407bc4dc055ea4187c3a7b125635004b9bd920a710808ea0383693c691456cabe7a2c32b9e2a72da

  • \FilesIF\abodec.exe
    Filesize
    2.7MB
    MD5
    d9908e7297b6fdbe3b185ebc5989b633
    SHA1
    19b5c10f72562e0a85eadd23881f906d10db75bb
    SHA256
    0edbfa79b42a9e4ba42da44fd5889802c1d424748bfa59a81b727f2e0048a2f1
    SHA512
    ee4486c7fdcad8eaff4c0fffab7f05f98a8f8ca2871c155681dd093d7f65bfa00b7681ebdf379912d33d0a1915b16780ce9b6a6b06affca998265ae526ab6afd