Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3d99010eba...3b.exe

windows7-x64

7

3d99010eba...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b.exe

  • Size

    2.7MB

  • MD5

    6d9b32039eaf1d176925da77fb67bdd0

  • SHA1

    cedcee40087dc145caa5e1041884d4f575247bfa

  • SHA256

    3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b

  • SHA512

    3fc83cb37b8b0a1795ba528597cd7d68d63f678fa4bd6e593c72027de3f0453f254b05dcaf9c72d772d7da44d5566238872bdec02afbdd8f13d5bf9ea350ddfc

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpv4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b.exe
    "C:\Users\Admin\AppData\Local\Temp\3d99010eba207b7cb76b4a8aecce5afd554c695ffc3b86e8ee56a7ae010f1b3b.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\FilesHY\xbodloc.exe
      C:\FilesHY\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxJT\dobdevsys.exe
    Filesize

    10KB

    MD5

    8bb03f5eb2cd8f96453b68599a551494

    SHA1

    ba5f909ff201acda0b64888d016ac41ca08ef328

    SHA256

    db1d248f9bdf4f80c067cff30406d63dad0e7c4f5c8bed10fc2344a50f02f530

    SHA512

    d0d6dbdfad35e6a999154b9765d2dba5c85e8f8b3c2d0f6dc5ab34dfdd1a58b811591c20358170d3e747cb5948a80b8ad67e3240748079482b7a2a28b84d9ac7

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    b257cdf2ca9d466db2b2eae55c67f450

    SHA1

    07c9fa35c5b45e834a0148ac6a0ad31104f9f3f4

    SHA256

    380fa2c2c7bd679ec6787f260c0eed97cf20f42dd7b22e1fd39c62c98f6e84b8

    SHA512

    ee84ab04fbbc86155e0a2af161c6bcf35acb6faddc2e109ff3522466394c20a4ffc163b794648cccf0aa9ba1af66b8679fe916711e23de36b2d926bf2e40f4bc

    Download Submit

  • \FilesHY\xbodloc.exe
    Filesize

    2.7MB

    MD5

    cba77f425c2ea052f83b1caf778861f4

    SHA1

    d16db93c63a90799d7b838d55f46a5c0bb497980

    SHA256

    2b6273f1afb3b8a413e95aa6e49e52fa6229ef3289d91431f001de083d196249

    SHA512

    1b7cf1681295506617e878f26ab65c327ad02cd9963b4a0ea71c1432c97c6ebc6c92a68f6810ab085fa2db60a1daa19fc7119ed0efc3c2566178252526468a91

    Download Submit