Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/06/2024, 05:24

General

  • Target
    f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe
  • Size
    3.1MB
  • MD5
    3e4e96e2d5e0f1544b85afe1a138ad74
  • SHA1
    4710270e170afbfe822aa635aa62f8a75abab153
  • SHA256
    f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6
  • SHA512
    2d186cace7ab782e850a4247c283f2877850992cf34fe380c445733e394ec0e02a309e481d8cd274130844fb87062dad18369ffb22431d778b88a9c07fb2711c
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Su+LNfej:+R0pI/IQlUoMPdmpSpc4JkNfej

Score
7/10

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe (PID 2112)
    "C:\Users\Admin\AppData\Local\Temp\f1a708d5ebfe4fd138bd1d1976caa0fba00a26f195375e08f26418572bc7c5d6.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\UserDotJ9\xdobsys.exe (PID 2852, child of PID 2112)
      C:\UserDotJ9\xdobsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2368)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4020 /prefetch:8

Downloads

  • C:\MintDK\dobdevsys.exe
    Filesize: 1.6MB
    MD5: a0f509c80427a83c9fff5513287a3456
    SHA1: 464829162371e80f528cf7e0d84d0be2d96b9215
    SHA256: 72034e47a4dbfe5282862251344d3c7c503e4d6542c9a7ffbed68c771ea772ea
    SHA512: 7607feeaea5d6e7bb118bc30abd015e1a0e38259663d2226d455387cb41ee16fb7a55d3eb0d1956dcbaa0c83b01c2e8fe4afccf92519f47f9619238e4b19b0e2

  • C:\MintDK\dobdevsys.exe
    Filesize: 2.4MB
    MD5: e4d59044acb8ba8e979225abd493cfe3
    SHA1: b84004d8238b9d3c1ddbed22a966b4ea9511a986
    SHA256: 6ff01081d996554dca0b73040d5ef547a3af7cc7e6a383d9146917e9b45dc7d8
    SHA512: 435e2ba33cbe4f8f052a9a3ff766922077cd19c0e7b2f93aad11023c3dc6f85dbc2c0962fbbb28fee8d7e8e5e00ffd126f349f24dc5f92ec39052437a5699a60

  • C:\UserDotJ9\xdobsys.exe
    Filesize: 3.1MB
    MD5: 941019e8e9a350e52ed06f4a8538ab25
    SHA1: 19a5ab97ebf0ab2882695fddacd143f2b253fb97
    SHA256: 7ffe5f70e06bfd8cb4e922f63f4ad3be3a3e3df02e1df37116876d63a240377d
    SHA512: 59be3a65c6f53d1f4cd7df97b616e8076d1988aa2d83620a8bf68c23c97f53335ccea1bb80482f30c8fcfd7b58b1b209aa176176e31ce47fbb3c21b1c0b47a42

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 207B
    MD5: a509f0be8580a748dd77bce877ed788e
    SHA1: 09aa6eb666439a65fcbc50e594aa45ffbcbdd0c8
    SHA256: c2b67f1263b83a62352b5089fda29247a91fcc721e86d8c423489b899e9465c8
    SHA512: 12f77b9fcc6479dc9716a2b2e1f996ccf4922f3bf17619d8f606520ac8a7d478a130cb6b575ab77948ce3d8bc2ee86b80a83c6148ba029b81e5f08db4c43afe8