Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/06/2024, 19:13

General

  • Target

    120a67a0a6b68b78ccd3a295590dd4d61fe4d79462983942b6f12419345455ca.exe

  • Size

    2.7MB

  • MD5

    fe9745767caa342b758b5a1e59163cf9

  • SHA1

    75fc1c1afe3e4eb243b3300753c1d541d3cf4ccd

  • SHA256

    120a67a0a6b68b78ccd3a295590dd4d61fe4d79462983942b6f12419345455ca

  • SHA512

    1d64d5f303cc2fd9f6fe502c9c2acc7b1df7c0f36301cb5a7989de001a633744aea6bc4244fb41161b931f9d1780eadc9475c53bc4ddf9603d608c78c458886a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBJ9w4Sx:+R0pI/IQlUoMPdmpSpZ4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\120a67a0a6b68b78ccd3a295590dd4d61fe4d79462983942b6f12419345455ca.exe
    "C:\Users\Admin\AppData\Local\Temp\120a67a0a6b68b78ccd3a295590dd4d61fe4d79462983942b6f12419345455ca.exe"
    PID:2588
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\SysDrvDH\devbodec.exe
      C:\SysDrvDH\devbodec.exe
      PID:1628 (child of PID 2588)
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
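
The tree above shows the pattern worth hunting for on other hosts: the sample runs from the user's Temp directory, writes devbodec.exe into a newly created directory directly under the system drive root (C:\SysDrvDH), and executes it. Legitimate software almost never lives in a top-level directory outside the standard Windows roots. The following is an added example, not code from the tria.ge report; the process records are constructed to mirror the tree (PIDs and paths are taken from it, the benign entries are invented), and the record shape is an assumption rather than any sandbox or Sysmon schema.

```python
"""Flag the drop-and-execute pattern from the process tree above.

Added example, not part of the tria.ge report. A process created from a
non-standard top-level directory by a parent running out of a user Temp
directory is a cheap, high-signal hunt. The ProcessCreate shape below is an
assumption, not a Sysmon or sandbox schema.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Top-level directories that normally exist on a Windows system drive.
# Anything else directly under the root deserves a look.
STANDARD_ROOT_DIRS = {
    "windows", "program files", "program files (x86)", "programdata",
    "users", "perflogs", "recovery", "$recycle.bin",
    "system volume information",
}


@dataclass(frozen=True)
class ProcessCreate:
    pid: int
    image: str          # full path of the created process
    parent_pid: int
    parent_image: str   # full path of the parent process


def root_dir_of(path: str) -> Optional[str]:
    """Return the first directory under the drive root, lower-cased.

    r'C:\\SysDrvDH\\devbodec.exe' -> 'sysdrvdh'. A file sitting directly in the
    root (r'C:\\x.exe') has no such directory and returns None.
    """
    _drive, rest = ntpath.splitdrive(path)
    parts = [p for p in rest.split("\\") if p]
    if len(parts) < 2:          # only a file name after the drive
        return None
    return parts[0].lower()


def in_nonstandard_root_dir(path: str) -> bool:
    top = root_dir_of(path)
    return top is not None and top not in STANDARD_ROOT_DIRS


def in_user_temp(path: str) -> bool:
    p = path.lower()
    return p.startswith("c:\\users\\") and "\\appdata\\local\\temp\\" in p


def flag_drop_and_execute(events: Iterable[ProcessCreate]) -> List[int]:
    """PIDs of processes started from a non-standard top-level directory
    by a parent that itself runs out of a user Temp directory."""
    return [
        e.pid for e in events
        if in_nonstandard_root_dir(e.image) and in_user_temp(e.parent_image)
    ]


# Constructed events: the two processes from the report plus benign noise.
TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = ntpath.join(
    TEMP_DIR,
    "120a67a0a6b68b78ccd3a295590dd4d61fe4d79462983942b6f12419345455ca.exe")
EVENTS = [
    ProcessCreate(2588, SAMPLE, 1000, r"C:\Windows\explorer.exe"),
    ProcessCreate(1628, r"C:\SysDrvDH\devbodec.exe", 2588, SAMPLE),
    ProcessCreate(3000, r"C:\Program Files\Vendor\app.exe",
                  1000, r"C:\Windows\explorer.exe"),
    # A benign installer also spawns from Temp, but into a standard root.
    ProcessCreate(3100, r"C:\Program Files (x86)\Tool\tool.exe",
                  3050, ntpath.join(TEMP_DIR, "setup.exe")),
]

if __name__ == "__main__":
    for pid in flag_drop_and_execute(EVENTS):
        ev = next(e for e in EVENTS if e.pid == pid)
        print(f"suspicious: pid {pid} {ev.image} "
              f"(parent pid {ev.parent_pid} {ev.parent_image})")
```

Only PID 1628 is flagged: the installer spawned from Temp lands in Program Files (x86), which is a standard root, and the sample itself is excluded because its own image lives under C:\Users. Tune STANDARD_ROOT_DIRS to the estate before deploying; OEM and some enterprise tooling do create their own top-level directories.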

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Galax2E\bodasys.exe

    Filesize

    13KB

    MD5

    c41dc9af6b4d2a08015e3c5b0cb7301a

    SHA1

    7ab6efdaf5b348acdb7ea1f4818473a460ccbf67

    SHA256

    5ecc0eda6b276364ee7bf1bf425e7db1c4c3c070dafa48eed9b441e6b60d1f3c

    SHA512

    ca143456a373a076d715ead506f0f553aba551352d380cfdef32496c96c3b15b55cfe2390c5d1e5e9385ad9752d46b2dc99dd0634f1476a1e77a872bf0746f89

  • C:\Galax2E\bodasys.exe

    Filesize

    2.7MB

    MD5

    5b8f51167d76b7e26a1e73563407f798

    SHA1

    efe01c57048c8955c8fe1f07b410c96d58d2957f

    SHA256

    7a119c329cdef41ba7c24648b70ab54ba94fc2a0a3f5197e96c597c093e041b2

    SHA512

    e7422a74117ac5e82b6d9bcc0cd851461728000fca0764709f8a369bd51ee38fde96685b06150c79c075a3ab5be7c81120d63f2ddee2c71ea498bc63c260521f

  • C:\SysDrvDH\devbodec.exe

    Filesize

    2.7MB

    MD5

    8570d2749c1ab38114c88518382ff833

    SHA1

    7beea2e4d4a9e7ce38f548ae1fb2df0c3df94646

    SHA256

    963d68a46a0f8cd0e8771be21f7ad6f4dd8022f4b3b25caee89325b3ef0a5aab

    SHA512

    3c1d97666022dac9233b7f8c22f00bed19278df8c97ce7fdb82fe8a89bf04899daa40aeef17c9a761694da042c75900feec76ceceb94f746e7c201378aa62c45

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    2c0b3a3e9b2d8590a355bd3ff35f28a5

    SHA1

    9f1af4c304cf5ea9cff5dc4cbb342a9940909dbd

    SHA256

    7c58ed0c0ef820dd77c671aebdf967e4234306882570940757e94b2c6bbf48ea

    SHA512

    4fe16bb8a6e77fcd218bf08188e0a8631cd17499199a8cdde24c4caed8754124afb22fd1a9b4c0ef32228e3ae7953747663eb7909d04083f47420ddc22930411
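
The table above is the host-hunt material: four dropped files plus the sample. Two details shape how it should be used. C:\Galax2E\bodasys.exe is listed twice with different sizes and hashes, so presence at a path is not the same as a known-bad file, and a match must be decided on content hash. The .ini path embeds the sandbox user name "Admin", so it is the path as observed, not necessarily the path on a victim. The following hunt script is an added example and not part of the tria.ge report; the hash table is copied from the report (SHA512 left out for brevity), while the scan logic and the REPORTED_PATHS list are mine.

```python
"""Hunt a host for the files listed under Downloads in the report above.

Added example, not part of the tria.ge report. IOCS is transcribed from the
report; the scan logic is mine. A match is decided on SHA256 and cross-checked
against MD5/SHA1 so a mistyped table entry fails loudly instead of producing
a silent false positive. A file found at a reported path whose hash is unknown
is still surfaced, because the report itself shows bodasys.exe with two
different contents.
"""
import hashlib
import os
from typing import Dict, Iterable, List, Optional

# SHA256 -> report entry (MD5, SHA1 and size as published).
IOCS: Dict[str, Dict[str, str]] = {
    "120a67a0a6b68b78ccd3a295590dd4d61fe4d79462983942b6f12419345455ca": dict(
        name="submitted sample (.exe)", size="2.7MB",
        md5="fe9745767caa342b758b5a1e59163cf9",
        sha1="75fc1c1afe3e4eb243b3300753c1d541d3cf4ccd"),
    "5ecc0eda6b276364ee7bf1bf425e7db1c4c3c070dafa48eed9b441e6b60d1f3c": dict(
        name=r"C:\Galax2E\bodasys.exe (13KB version)", size="13KB",
        md5="c41dc9af6b4d2a08015e3c5b0cb7301a",
        sha1="7ab6efdaf5b348acdb7ea1f4818473a460ccbf67"),
    "7a119c329cdef41ba7c24648b70ab54ba94fc2a0a3f5197e96c597c093e041b2": dict(
        name=r"C:\Galax2E\bodasys.exe (2.7MB version)", size="2.7MB",
        md5="5b8f51167d76b7e26a1e73563407f798",
        sha1="efe01c57048c8955c8fe1f07b410c96d58d2957f"),
    "963d68a46a0f8cd0e8771be21f7ad6f4dd8022f4b3b25caee89325b3ef0a5aab": dict(
        name=r"C:\SysDrvDH\devbodec.exe", size="2.7MB",
        md5="8570d2749c1ab38114c88518382ff833",
        sha1="7beea2e4d4a9e7ce38f548ae1fb2df0c3df94646"),
    "7c58ed0c0ef820dd77c671aebdf967e4234306882570940757e94b2c6bbf48ea": dict(
        name=r"C:\Users\Admin\253086396416_10.0_Admin.ini", size="204B",
        md5="2c0b3a3e9b2d8590a355bd3ff35f28a5",
        sha1="9f1af4c304cf5ea9cff5dc4cbb342a9940909dbd"),
}

# Paths the report shows being written. The .ini path is as observed in the
# sandbox, where the user was "Admin"; it may differ on a real host.
REPORTED_PATHS = [
    r"C:\SysDrvDH\devbodec.exe",
    r"C:\Galax2E\bodasys.exe",
    r"C:\Users\Admin\253086396416_10.0_Admin.ini",
]
_REPORTED = {p.lower() for p in REPORTED_PATHS}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed the chunks through all four algorithms in a single pass."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {n: h.hexdigest() for n, h in hashers.items()}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk once; large files are not read into memory."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk), b""))


def match_ioc(digests: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Look up SHA256 and verify MD5/SHA1 agree with the table entry."""
    entry = IOCS.get(digests["sha256"])
    if entry is None:
        return None
    if (entry["md5"], entry["sha1"]) != (digests["md5"], digests["sha1"]):
        raise ValueError("IoC table inconsistent for " + digests["sha256"])
    return entry


def scan(paths: Iterable[str]) -> List[Dict[str, object]]:
    """Hash every existing path; report hash matches, and path-only hits for
    the paths the report names. Unrelated, unmatched files are skipped."""
    findings: List[Dict[str, object]] = []
    for path in paths:
        if not os.path.isfile(path):
            continue
        digests = hash_file(path)
        entry = match_ioc(digests)
        if entry is None and path.lower() not in _REPORTED:
            continue
        findings.append({
            "path": path,
            "sha256": digests["sha256"],
            "ioc": entry,       # None means reported path, unknown content
            "verdict": "hash match" if entry else "path present, hash unknown",
        })
    return findings


if __name__ == "__main__":
    for f in scan(REPORTED_PATHS):
        print(f"{f['verdict']}: {f['path']} sha256={f['sha256']}")
```

To sweep beyond the fixed paths, pass the output of an os.walk over the system drive to scan(): only files whose content matches the table are returned, so the noise from unrelated files stays out of the result. The 13KB bodasys.exe entry is kept even though the 2.7MB version is the final artifact, because an interrupted infection can leave the partial write behind.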