Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d7c73b050e...ea.exe

windows7-x64

7

d7c73b050e...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240708-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea.exe

  • Size

    2.7MB

  • MD5

    7f176e69f1362c0c1337af4149cb751c

  • SHA1

    2cf250b2f27cfcb9850ae8b60e43fb2f93822d7f

  • SHA256

    d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea

  • SHA512

    0786145e68b19b6b1e8ee765bb06b1dbd822e69378296cc18a54aa25d637388fe102f11266a28bd56bf311f5d3a6dc4e0b63ed277b506c5678b91abc55a24e3a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpR4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea.exe
    "C:\Users\Admin\AppData\Local\Temp\d7c73b050e80094a4b108a31c9dc4904b4dcfa1f04348698fa97e2b349cb13ea.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\UserDotJK\adobloc.exe
      C:\UserDotJK\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBTQ\bodxloc.exe
    Filesize

    2.7MB

    MD5

    75225b5d71e7c412268384bf7aa533eb

    SHA1

    8e87c44b13797b0ae6f51c79c74cf98d74237132

    SHA256

    f0375bd7d0d6d21098a4af8e97224e36ec26b6c41116fb75df489d94ce86304a

    SHA512

    96850b1ea4b4221a866570d06a6098450edebee9430196a072bd180fb81514988fa4330a817c650e06ccd99fc031f7d5236647899fa4489e36501bd48c68dc2b

    Download Submit

  • C:\UserDotJK\adobloc.exe
    Filesize

    2.7MB

    MD5

    c4b068bdcf4ca909ec8ef502b7103a97

    SHA1

    aac47ff498590b17a94fc6f55da94b84366c8ce5

    SHA256

    3673a6e8304a3bd5ba41ea6cd46bde73f5e16a6cf44cb603f887b1eb1549cf08

    SHA512

    a0724344e9da2c1a49b8542a33b3b5f11782236a44ec6fffe1fd723e146033e731b898029f9899b1a3a41cafced8d55d0de5caf7842bfc58a5b4444c4263c663

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    c07364e0da9c59c4a24d642fdce9017f

    SHA1

    83a9fbb71e3c73682bff3473344832b6cd9cdd40

    SHA256

    80820f9266d93ef50f44e0b2be925f57027d6eac08b5e76b3fc48185e8766148

    SHA512

    08348181f4cb1469945f6b21e075c49477b234c8a288c3ca78d97ec2565d2c535974907b0eaa171d69fa175534749a98183395fe78f3d5fc39acfa500bcda0ec

    Download Submit