Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 23:07

General

  • Target

    60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe

  • Size

    2.7MB

  • MD5

    e5f688c2d102219906f56c61e38837b5

  • SHA1

    c30d654f6664510ea82bfce9004395882bf7d44f

  • SHA256

    60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0

  • SHA512

    a5d6e57be0ea0dd7c8ee4a6a55c58c7c79971a1fc63c2baf9e58767891458c8f1e39e7b44b7a4cf1121f868e253785f685f8b423c728469fb9249cc5de72da56

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSp44

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\SysDrvQL\xbodloc.exe
      C:\SysDrvQL\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ47\dobxec.exe

    Filesize

    2.7MB

    MD5

    a511b043f04c0a31c22b6fbcf87ff2a6

    SHA1

    09fbb9963a9415aa1b5752907850f3e313908d37

    SHA256

    4db7a7549b219f7d0d6b39e65e0a855adb6f8d3ddaa2b6a1c2f14f37553a82b1

    SHA512

    7f53b1c32be0b7b0bcce5768f8d8b27bec4897635d9797b69754607d485ccba431624b32be88e3f84aea97aadc69936acb56413dba498f1b0e852fd6b3ddca2c

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    200B

    MD5

    618a1743b022aab9e5368e76d499be46

    SHA1

    39acc4a392ca82702be1c2d3967a3897f26188b8

    SHA256

    b013b536bc1ee73b09fa57a49acb7f4629940d449a04497cb0f275db03a2a84d

    SHA512

    c831b3b60211c25a12f63d45aa071e7e42d19de86870fc1852da23524ad9e5b6ea4affac4333f51dacba6e1e734164f893180f0c84028bb96fbe6754f0b08899

  • \SysDrvQL\xbodloc.exe

    Filesize

    2.7MB

    MD5

    5f628be71846716481026f62f5f2d5f1

    SHA1

    28cce04f9472c782c23d72706a5f717caab963d2

    SHA256

    58c8b114ea24776e971467710cbff3754f1ba1889cf5174692f192c99d864d10

    SHA512

    6619086c1771ef1c564b91c30bafffbb67f3e3f2049325659c225b44ef2568fd00bc5543cd690efb8dcd6667cda4bf1e1724e56d6774b53136ecfb98b5c6d0ae