Analysis
- max time kernel: 149s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/06/2024, 05:24
Static task: static1
Behavioral task: behavioral1
- Sample: f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
- Resource: win10v2004-20240508-en
General
- Target: f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
- Size: 3.1MB
- MD5: 3e4e96e2d5e0f1544b85afe1a138ad74
- SHA1: 4710270e170afbfe822aa635aa62f8a75abab153
- SHA256: f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6
- SHA512: 2d186cace7ab782e850a4247c283f2877850992cf34fe380c445733e394ec0e02a309e481d8cd274130844fb87062dad18369ffb22431d778b88a9c07fb2711c
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Su+LNfej:+R0pI/IQlUoMPdmpSpc4JkNfej
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2852 | xdobsys.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintDK\\dobdevsys.exe" | f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotJ9\\xdobsys.exe" | f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  64 process-enumeration events in total, alternating between the two processes below:
  2112 | f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
  2852 | xdobsys.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2112 wrote to memory of 2852 | 2112 | f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe | 94
  PID 2112 wrote to memory of 2852 | 2112 | f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe | 94
  PID 2112 wrote to memory of 2852 | 2112 | f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe | 94
Processes
- C:\Users\Admin\AppData\Local\Temp\f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe (PID 2112)
  command line: "C:\Users\Admin\AppData\Local\Temp\f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe"
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - child: C:\UserDotJ9\xdobsys.exe (PID 2852)
    command line: C:\UserDotJ9\xdobsys.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2368)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4020 /prefetch:8
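The behaviour recorded above is a compact persistence chain: the Temp-resident sample writes two autostart values, both named Parametr, under the user's Run and RunOnce keys (pointing at C:\UserDotJ9\xdobsys.exe and C:\MintDK\dobdevsys.exe), then spawns xdobsys.exe from a freshly created folder directly under the drive root. Only xdobsys.exe is seen executing in this run. The Python below is an added example, not part of the tria.ge report or of the sample: it runs three detection rules over constructed Sysmon-style events (Event ID 13 registry value set, Event ID 1 process creation) built from the report's IoCs, plus two benign control events (an Edge utility process and a vendor updater Run value) that are made up for the example. The event field names follow Sysmon's; the trusted-root lists, rule names and the `analyse` helper are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry modelled on Sysmon Event ID 13 (RegistryEvent: value set)
# and Event ID 1 (process creation). Paths, PIDs, SID and registry values come from the
# report's IoCs; the remaining fields and the two benign control events are assumptions.
SAMPLE_EXE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
              "f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe")
USER_SID = "S-1-5-21-1181767204-2009306918-3718769404-1000"
RUN_BASE = "HKU\\" + USER_SID + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
EDGE = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"

SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2112, "Image": SAMPLE_EXE,
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 13, "ProcessId": 2112, "Image": SAMPLE_EXE,
     "TargetObject": RUN_BASE + "\\RunOnce\\Parametr", "Details": "C:\\MintDK\\dobdevsys.exe"},
    {"EventID": 13, "ProcessId": 2112, "Image": SAMPLE_EXE,
     "TargetObject": RUN_BASE + "\\Run\\Parametr", "Details": "C:\\UserDotJ9\\xdobsys.exe"},
    {"EventID": 1, "ProcessId": 2852, "Image": "C:\\UserDotJ9\\xdobsys.exe",
     "ParentImage": SAMPLE_EXE},
    # Benign controls (constructed): an Edge utility process and a vendor updater Run value.
    {"EventID": 1, "ProcessId": 2368, "Image": EDGE, "ParentImage": EDGE},
    {"EventID": 13, "ProcessId": 4100, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": RUN_BASE + "\\Run\\VendorUpdater",
     "Details": '"C:\\Program Files\\Vendor\\updater.exe" /silent'},
]

# Matches HKLM/HKU ...\CurrentVersion\Run\<value> and ...\RunOnce\<value> (case-insensitive).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# An .exe exactly one directory below the drive root, e.g. C:\<folder>\<file>.exe.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_DATA_ROOTS = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def exe_path_from_value(value: str) -> str:
    # Run values may be quoted and may carry arguments; return only the executable path.
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ", 1)[0]


def under_system_root(path: str) -> bool:
    return path.lower().startswith(SYSTEM_ROOTS)


def in_custom_root_dir(path: str) -> bool:
    # True for an executable in a non-standard folder directly under the drive root,
    # which is where this sample parks its dropped copies (C:\UserDotJ9, C:\MintDK).
    p = path.lower()
    if p.startswith(SYSTEM_ROOTS + USER_DATA_ROOTS):
        return False
    return ROOT_EXE_RE.match(p) is not None


def from_user_writable(path: str) -> bool:
    # Parent executing from a user-writable location (profile, Temp, ProgramData).
    return path.lower().startswith(USER_DATA_ROOTS)


def analyse(events):
    findings = []
    persisted = {}  # lower-cased exe path -> registry value that references it
    for ev in events:
        if ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            exe = exe_path_from_value(ev["Details"])
            if not under_system_root(exe):
                persisted[exe.lower()] = ev["TargetObject"]
                findings.append(Finding("run_key_untrusted_path", ev["ProcessId"],
                                        f"{ev['TargetObject']} -> {exe}"))
        elif ev["EventID"] == 1:
            image = ev["Image"]
            if in_custom_root_dir(image) and from_user_writable(ev["ParentImage"]):
                findings.append(Finding("dropped_exe_from_root_dir", ev["ProcessId"],
                                        f"{ev['ParentImage']} -> {image}"))
            # Correlate: a binary registered for autostart earlier in the stream now runs.
            if image.lower() in persisted:
                findings.append(Finding("persisted_exe_executed", ev["ProcessId"],
                                        f"{image} registered at {persisted[image.lower()]}"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

On the constructed stream this yields four findings: the two Run/RunOnce writes from PID 2112, and for PID 2852 both the root-folder execution and the correlation that the executed binary had just been registered for autostart. The vendor updater value is not flagged because its target lives under Program Files; tune `SYSTEM_ROOTS` to your environment, since a Run value pointing into AppData is common for both malware and legitimate per-user installers.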
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1.6MB
  MD5: a0f509c80427a83c9fff5513287a3456
  SHA1: 464829162371e80f528cf7e0d84d0be2d96b9215
  SHA256: 72034e47a4dbfe5282862251344d3c7c503e4d6542c9a7ffbed68c771ea772ea
  SHA512: 7607feeaea5d6e7bb118bc30abd015e1a0e38259663d2226d455387cb41ee16fb7a55d3eb0d1956dcbaa0c83b01c2e8fe4afccf92519f47f9619238e4b19b0e2
- Filesize: 2.4MB
  MD5: e4d59044acb8ba8e979225abd493cfe3
  SHA1: b84004d8238b9d3c1ddbed22a966b4ea9511a986
  SHA256: 6ff01081d996554dca0b73040d5ef547a3af7cc7e6a383d9146917e9b45dc7d8
  SHA512: 435e2ba33cbe4f8f052a9a3ff766922077cd19c0e7b2f93aad11023c3dc6f85dbc2c0962fbbb28fee8d7e8e5e00ffd126f349f24dc5f92ec39052437a5699a60
- Filesize: 3.1MB
  MD5: 941019e8e9a350e52ed06f4a8538ab25
  SHA1: 19a5ab97ebf0ab2882695fddacd143f2b253fb97
  SHA256: 7ffe5f70e06bfd8cb4e922f63f4ad3be3a3e3df02e1df37116876d63a240377d
  SHA512: 59be3a65c6f53d1f4cd7df97b616e8076d1988aa2d83620a8bf68c23c97f53335ccea1bb80482f30c8fcfd7b58b1b209aa176176e31ce47fbb3c21b1c0b47a42
- Filesize: 207B
  MD5: a509f0be8580a748dd77bce877ed788e
  SHA1: 09aa6eb666439a65fcbc50e594aa45ffbcbdd0c8
  SHA256: c2b67f1263b83a62352b5089fda29247a91fcc721e86d8c423489b899e9465c8
  SHA512: 12f77b9fcc6479dc9716a2b2e1f996ccf4922f3bf17619d8f606520ac8a7d478a130cb6b575ab77948ce3d8bc2ee86b80a83c6148ba029b81e5f08db4c43afe8