Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 05:16
Static task: static1
Behavioral task: behavioral1
  Sample: ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  Resource: win10v2004-20240508-en
General
Target: ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
Size: 2.7MB
MD5: b4e13f93f214655ff1e661ebc2997c9a
SHA1: e7f33b9eece845d58db7fa0842aeca3e95b0a09b
SHA256: ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c
SHA512: 00e40ebd1c81ef4c2eb3d4ef87d0e1afb701fc5dbeebac9fd115a8dce2db5178a6e9ca199dcd8143af11360e91c20a8552bc355becb8aa6f41be80a272ef12c5
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpe4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2116  abodec.exe
- Loads dropped DLL (1 IoC)
  pid 1612  ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesIF\\abodec.exe"  by ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Galax1R\\dobdevsys.exe"  by ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 1612  ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  pid 2116  abodec.exe
  (64 entries in total; the report lists the two processes alternately)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1612 wrote to memory of 2116  pid 1612  ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe  procid_target 28
  (the same entry is recorded four times)
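The two "Adds Run key" IoCs above are the part of this report worth turning into a detection. The following is an added example, not tria.ge's own code or output: it runs a Run/RunOnce persistence check over Sysmon-style "registry value set" events. The event layout, the list of trusted program directories, the staging-directory list and the benign third event (ExampleVendor) are assumptions made for the example; only the two Run/RunOnce writes, the user SID and the two process images come from the report.

```python
"""Flag Run/RunOnce autostart writes that point outside trusted program
directories. Added example; event layout, trusted prefixes and the benign
third event are assumptions, the other values come from the report."""
import re
from typing import Dict, List

# Per-user (HKU) and machine-wide (HKLM) autostart keys share this suffix.
AUTORUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Assumption: directories a standard user cannot write to. An autostart
# target anywhere else (C:\FilesIF\, C:\Galax1R\, %TEMP%, ...) is unusual.
TRUSTED_PREFIXES = ("C:\\Windows\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\")

# Assumption: directories a dropper typically runs from before it persists.
USER_STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\")

SAMPLE_PATH = (
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\"
    "ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe"
)
USER_SID = "S-1-5-21-330940541-141609230-1670313778-1000"

# Constructed events: the first two reproduce the report's IoCs, the third is
# a made-up benign installer entry that the check must not flag.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {
        "pid": 1612,
        "image": SAMPLE_PATH,
        "target": f"\\REGISTRY\\USER\\{USER_SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Parametr",
        "details": "C:\\FilesIF\\abodec.exe",
    },
    {
        "pid": 1612,
        "image": SAMPLE_PATH,
        "target": f"\\REGISTRY\\USER\\{USER_SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Parametr",
        "details": "C:\\Galax1R\\dobdevsys.exe",
    },
    {
        "pid": 3040,
        "image": "C:\\Program Files\\ExampleVendor\\setup.exe",
        "target": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ExampleUpdater",
        "details": '"C:\\Program Files\\ExampleVendor\\updater.exe" /background',
    },
]

# Images that appear in the report's process tree during the 150 s run.
OBSERVED_IMAGES = [SAMPLE_PATH, "C:\\FilesIF\\abodec.exe"]


def hive_path(target: str) -> str:
    """Rewrite the kernel object path the sandbox logs into HKU/HKLM form."""
    upper = target.upper()
    for prefix, hive in (("\\REGISTRY\\USER\\", "HKU\\"), ("\\REGISTRY\\MACHINE\\", "HKLM\\")):
        if upper.startswith(prefix):
            return hive + target[len(prefix):]
    return target


def command_image(details: str) -> str:
    """Return the executable from a Run value: a quoted path with arguments, or a bare path."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def is_trusted_location(path: str) -> bool:
    lowered = path.lower()
    return any(lowered.startswith(prefix.lower()) for prefix in TRUSTED_PREFIXES)


def find_autorun_persistence(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """One finding per suspicious Run/RunOnce write, with the reasons it fired."""
    findings = []
    for ev in events:
        match = AUTORUN_KEY.search(str(ev["target"]))
        if not match:
            continue
        exe = command_image(str(ev["details"]))
        reasons = []
        if not is_trusted_location(exe):
            reasons.append("autostart target outside trusted program directories")
        if any(d in str(ev["image"]).lower() for d in USER_STAGING_DIRS):
            reasons.append("written by a process running from a user staging directory")
        if reasons:
            findings.append({
                "pid": ev["pid"],
                "key": hive_path(str(ev["target"])),
                "kind": match.group(1),
                "value_name": match.group("name"),
                "target": exe,
                "reasons": reasons,
            })
    return findings


def unobserved_autoruns(findings, observed_images) -> List[str]:
    """Autostart targets that never executed in the trace. RunOnce fires at
    the next logon, so a sandbox run ends before that stage is visible."""
    seen = {p.lower() for p in observed_images}
    return [str(f["target"]) for f in findings if str(f["target"]).lower() not in seen]


if __name__ == "__main__":
    hits = find_autorun_persistence(SAMPLE_EVENTS)
    for hit in hits:
        print(f"[{hit['kind']}] pid {hit['pid']} -> {hit['key']} = {hit['target']}: {'; '.join(hit['reasons'])}")
    for target in unobserved_autoruns(hits, OBSERVED_IMAGES):
        print(f"not run during the trace, detonate separately: {target}")
```

Two points the check makes explicit for this report. The RunOnce target C:\Galax1R\dobdevsys.exe never appears in the process tree: RunOnce only fires at the next logon, so the sandbox trace ends before that stage runs and it has to be collected and detonated separately. And the four WriteProcessMemory entries are all the parent (1612) writing into the child it had just spawned (2116), which is what ordinary process creation looks like in an API trace; on their own they are not evidence of injection, so the persistence keys are the stronger signal here.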
Processes
- C:\Users\Admin\AppData\Local\Temp\ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe"
  PID: 1612 (depth 1)
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\FilesIF\abodec.exe
    Command line: C:\FilesIF\abodec.exe
    PID: 2116 (depth 2, child of 1612)
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 2.7MB
MD5: 0e9a73630321b5bb977e27cb12449946
SHA1: 2ec6d328925b11d4e6d864d6dd5672c65e6adde4
SHA256: 7b042361ca70eb4e70bdfbf4c0f93d1339869e80352a953fcdb23190771f3488
SHA512: 596d70564ec86551f9cc83df320deecfae9df770cdff12d5da58e05c1e56e2b409f84813ade953c44abe6700e5da395a7e57739874d12cfc8f73a6749c5328f5
-
Filesize: 203B
MD5: 14d071223a443c976b187fa5a0be80db
SHA1: dbf7e653aaf9057aa76fcee339490f6a7936c624
SHA256: 0a594a605a45cbf5361c941a0418902dd1cccfa57e65bc293041b71ddfdfaa4b
SHA512: 94d74c2625545d3af1cf6fce1759af9afdb3161d83821690407bc4dc055ea4187c3a7b125635004b9bd920a710808ea0383693c691456cabe7a2c32b9e2a72da
-
Filesize: 2.7MB
MD5: d9908e7297b6fdbe3b185ebc5989b633
SHA1: 19b5c10f72562e0a85eadd23881f906d10db75bb
SHA256: 0edbfa79b42a9e4ba42da44fd5889802c1d424748bfa59a81b727f2e0048a2f1
SHA512: ee4486c7fdcad8eaff4c0fffab7f05f98a8f8ca2871c155681dd093d7f65bfa00b7681ebdf379912d33d0a1915b16780ce9b6a6b06affca998265ae526ab6afd