Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

479c1fbfe7...73.exe

windows7-x64

7

479c1fbfe7...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 21:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    479c1fbfe79efd057547f0f4c266fa68dfe44910a6ede3b89c3c1b8e2a531573.exe

  • Size

    2.7MB

  • MD5

    0b09312f2898c0cd5aa304813435eb4d

  • SHA1

    18f55d6ff76eedce06b87cc4c6c43d1907f938fc

  • SHA256

    479c1fbfe79efd057547f0f4c266fa68dfe44910a6ede3b89c3c1b8e2a531573

  • SHA512

    7f293fe971dc67fab84da2eb57e71e7acbdd862ec02115955f86652a75954afb822e89d921fe4b3efeea4072b53090221363045e5ea5d941545c23ad1ef42cea

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBl9w4S+:+R0pI/IQlUoMPdmpSpl4X

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\479c1fbfe79efd057547f0f4c266fa68dfe44910a6ede3b89c3c1b8e2a531573.exe
    "C:\Users\Admin\AppData\Local\Temp\479c1fbfe79efd057547f0f4c266fa68dfe44910a6ede3b89c3c1b8e2a531573.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\IntelprocGZ\xdobloc.exe
      C:\IntelprocGZ\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZZ5\dobdevec.exe
    Filesize

    2.7MB

    MD5

    4da7db7ef60bf2beaab0e9ac6a736021

    SHA1

    42c126c35a7791b70f4d2f0dc91a283075f72ed7

    SHA256

    9f778dd9498be441880bf3aa996ee1ae96a95e3fa8225c6a50ea6d2582e01e7e

    SHA512

    d6b74e391982de4c3b6f579d1a18629de1057292fc16443bbb55fb4d8f5db9a1da6f4281a2f5bbd21878c82eb33378772f41e0a586ac2841527ae1665b91ddff

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    c98eb613026b658bd0109c7b5032a71d

    SHA1

    48bbb257622ce5e4a121cb073fc1ee9817f5a70e

    SHA256

    efd31c564c04145c46a0d9ce1851dfe95f33af2ad3ec93af980283f9228e696f

    SHA512

    6731e970a43503e9b441a04e8e2cbec183908ff90cf14777e3d8aeb9f7734c6f38dd2725f036f3451a50564423a73fef490d0e67c20ed206508b3474a051a81b

    Download Submit

  • \IntelprocGZ\xdobloc.exe
    Filesize

    2.7MB

    MD5

    6d6fb64f43cf200440bd771fef59026e

    SHA1

    c5edc66164293dcb4008288dc3ab87654e9aa3dc

    SHA256

    d31eb35417da6ab9b0df63cbb51b7b0e98c32b23e47b2f0ef944a64b58fbbeb8

    SHA512

    4caced87b41ba2a8326542f0744e7f1153b1ae0d7b1e6f6a5af89282b5eeb690cfb2d480200010e41d37392abeef93f0c15f19dddb051faf2017d39184a113d1

    Download Submit