Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03/07/2024, 04:44

General

  • Target
    3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56.exe
  • Size
    2.7MB
  • MD5
    0abef5fe35f2e93b59d532736a0e62f0
  • SHA1
    f91ec1ac0c869af35f77740806405ddf2dccec1f
  • SHA256
    3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56
  • SHA512
    32ac89f7faf640af2dab07fe667b0f6100d11b0ad96f1edc7cfccb0f97061b15d536fec97ce33ef09092291f4f3b591246d230089c4e97546fb5901a95230bc5
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpj4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56.exe
    "C:\Users\Admin\AppData\Local\Temp\3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4660
    • C:\Files4Q\xbodloc.exe
      C:\Files4Q\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3656
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3852,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3672 /prefetch:8
    1⤵
    PID:4244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Files4Q\xbodloc.exe
    • Filesize
      2.7MB
    • MD5
      92dbbd1c515335f2a35c0103ace6f548
    • SHA1
      bb3601ea05960628e520709b03db841b63f25162
    • SHA256
      ff67cbc9e68e45ed8ffb8444848649ba8569fc1d4ab6dcb7d868c50f3758c703
    • SHA512
      50282d1d8053358c5195d0992c52e70d7a3f27f3b5787b40bfdd54dec5e7b0ec32b424533871c069d4b0ccb8f6b763ab8e138f788175090ecdc2b3ff547083c1
  • C:\KaVB8T\bodxsys.exe
    • Filesize
      402KB
    • MD5
      207e8888e80c8722795eee31bb1a1e0d
    • SHA1
      ef63647dd8bee52a5e9e7dd0b989ddf684494911
    • SHA256
      28086e1d7562eee5ab1f8788fff71aae280acd8fdef4c4f1b430c2a67496bbe4
    • SHA512
      86bd7a72e42cc78a05b48b5f36b1a0de33aafc64b8fab67ca5d1bfe230ed6c82017fae75d3e5fe02672af66ba4ba3d51eb7c2454726e7145dd8a3453fbbf60a9
  • C:\KaVB8T\bodxsys.exe
    • Filesize
      2.7MB
    • MD5
      3c2f82a236ba98872bec99b870e52dfb
    • SHA1
      6eb777edaf8c41b630dd5348468f39eeb44a3cae
    • SHA256
      71dead943bc171d6be7af9ca8d9b5b9b96a1e72d5bf7bb0301adf92c150c0400
    • SHA512
      74103af7d1aa8d70bb22703d7df48aec7b254c4d345bbf7339b9d71edd18227ba2353c5652fe90e6196d83417b8fcc5cf0e0fbda64d6cb95761f97f269a46241
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    • Filesize
      201B
    • MD5
      335298937243a2ef2b6c4052d9c212a6
    • SHA1
      4da926444e3703126b84cabcc7f68bc128d25939
    • SHA256
      9cc422bf95b4762e304716bec799aa99cd9874ed618f490cd814542e9e3e7356
    • SHA512
      4e91c88bf3a9ee19fc003cca3af44b810c0d97e74baa998a47c38e95404b1b53e6d7531bdaf98a76a7011fdc29735817ce288e40c04bba80ac0b19bbec0ccf97