Analysis

  • max time kernel
    149s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:16

General

  • Target
    ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
  • Size
    2.7MB
  • MD5
    b4e13f93f214655ff1e661ebc2997c9a
  • SHA1
    e7f33b9eece845d58db7fa0842aeca3e95b0a09b
  • SHA256
    ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c
  • SHA512
    00e40ebd1c81ef4c2eb3d4ef87d0e1afb701fc5dbeebac9fd115a8dce2db5178a6e9ca199dcd8143af11360e91c20a8552bc355becb8aa6f41be80a272ef12c5
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpe4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe
    "C:\Users\Admin\AppData\Local\Temp\ee0b74e883f1da1544e9a675dd277300aa9ba8060e919efa4ad9dfb8d07b385c.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\UserDotMG\xdobec.exe
      C:\UserDotMG\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintET\bodxloc.exe
    Filesize
    2.7MB
    MD5
    aa4d9dfba06da3fa0abcf5324a49ad3c
    SHA1
    663d1647a76faf4961bc3d090ae36bd423b20af0
    SHA256
    07b1a5caef397e65066b85c9fcc64f435dfd688a1a2f3eff52cb0d823468c605
    SHA512
    3a7a6cf585838c18bb74dc2880d2ecac9280754a5a8c80bda58ab89f62b563e90802453a3f0f7da3df4b67d28edb313c0f7235f2dd61b2ff10973bac888c5748

  • C:\UserDotMG\xdobec.exe
    Filesize
    2.7MB
    MD5
    709edd40c63e57231072947dfe5c0602
    SHA1
    8360d414506a2f3f3a4cf7e6e9190cf5609b465a
    SHA256
    1b2ffa6ddc83ec7e5b90588e58ae9f4b3a7a5f42073b9e2486fc092c17d63648
    SHA512
    e1d7918a2742f75a5ce95a20384454016691933b25a191717a0d9bef897e45d63108d3ead76561e3d49b2678fe3126ea1c51cd95d8255a5b659b2e7a81ddc436

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    204B
    MD5
    60692412b201a1699058fdb803778fd8
    SHA1
    092ce0c1845a1db799161f537cd851146f74dc8a
    SHA256
    11fb008b4e8b3d4123a2cd3a1a6e28fda98ad91e38a6dd91f6662928c2fa07a3
    SHA512
    0b6a7a45e048dc9705c5e125898cc41ce92494f44049a7cb68ef8d4a7684b26d2c63be20d9fac3fcf26939431b04a0fea850f4f55a8dcfb446920aaa2733dd71