Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/07/2024, 03:42

General

  • Target

    ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe

  • Size

    2.7MB

  • MD5

    5dc8d038ba899e75dae08732df2f08d9

  • SHA1

    59049183069ffa35f084209be6b4bf9efaabcbd3

  • SHA256

    ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8

  • SHA512

    e3e27f43b45dfd0471402d85397a31f26e65849e0cc9a6944734e09abfaf87faa51528b37b3899bd5fe2bdb5a2ed0e061231a85cf701ff0a1f361d11c6fb569c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSp84

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
    "C:\Users\Admin\AppData\Local\Temp\ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\FilesJ2\adobsys.exe
      C:\FilesJ2\adobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    199B

    MD5

    47857dceb059a95eba318f54ac42072a

    SHA1

    396cc703d9b9156551b42f726594f4f2366c02da

    SHA256

    09068dd23eef79286e6212ac05d9ef9e43d13ae0aa1ffcabb872f17f3666236c

    SHA512

    5453615dbbe3d06886d1c887156c58cb69c1b64a24eb58399ce2cf0ca2b158d92db3553550a42c8ebb1d58788214b67a1d1dd37846d512eae25fc8ce13acc4a0

  • C:\VidDH\bodasys.exe

    Filesize

    724KB

    MD5

    ce931e24db859aab3694d2f567e85741

    SHA1

    6884a3e86d86ea2550490139b7c72152d805a7fc

    SHA256

    2f917a0bf668e6da9b1a95f8ae4b84ccb721dca6f614404c82100bdc30c8b8e6

    SHA512

    5b6285d2bef3067d99a1816f4d8d51e090ae04b830783af9462fffe53f2c32bc72cfa25352830875b29fc8a49403a9dd3acf8a0bf793e0c86e5d13176c5b1cc3

  • \FilesJ2\adobsys.exe

    Filesize

    2.7MB

    MD5

    a692fdb36bc8ef30032bd95c8066496a

    SHA1

    d31f2cc10d606271407d6d579940c0fbb98a33ab

    SHA256

    08b69ea0ba1f6d1421532c3cb8a474bdee1b4b01025b2492700a1dd545437eed

    SHA512

    83a7636e0f007d3009ab4a43a2bc279499974831f5fba49d713badf61a893555a74a225f1fdd4fcbbff8e4d65ab2df3de1a1feb2f01599c65599b5e537b2fd48
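The report gives two dropped executables (C:\FilesJ2\adobsys.exe, C:\VidDH\bodasys.exe) and a small .ini with their hashes, plus an unlisted Run key. The script below is an added host-triage example written for this page; it is not part of the Triage report or the sample. It sweeps a directory tree that stands in for the C: volume, hashes every file once, and classifies each dropped-file indicator as present with the expected hash, present under a different name, present at the expected path but with a different hash (a repacked build), or absent. Status names, the stand-in root directory and the demo files are constructed for the example; the .ini path is assumed to embed a host-specific number and the sandbox user name, so it is not expected to match on other machines.

```python
import hashlib
import os
import tempfile
from pathlib import Path, PureWindowsPath

# Dropped-file indicators copied from the Downloads section of this report
# (SHA256, lower-case hex). The .ini name appears to embed a host-specific
# number and the sandbox user name "Admin" (assumption), so expect it to
# differ on other hosts.
REPORT_IOCS = {
    r"C:\FilesJ2\adobsys.exe":
        "08b69ea0ba1f6d1421532c3cb8a474bdee1b4b01025b2492700a1dd545437eed",
    r"C:\VidDH\bodasys.exe":
        "2f917a0bf668e6da9b1a95f8ae4b84ccb721dca6f614404c82100bdc30c8b8e6",
    r"C:\Users\Admin\253086396416_6.1_Admin.ini":
        "09068dd23eef79286e6212ac05d9ef9e43d13ae0aa1ffcabb872f17f3666236c",
}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large drops need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs=REPORT_IOCS):
    """Classify each IoC against the tree under `root`.

    `root` stands in for the volume the Windows path refers to, so
    C:\\FilesJ2\\adobsys.exe is looked up at <root>/FilesJ2/adobsys.exe.
    Returns {ioc_path: (status, [paths whose hash matched])} with status:
      hash_match - file at the expected path with the expected hash
      relocated  - expected hash seen, but at a different path
      path_match - expected path exists, hash differs (repacked/updated build)
      absent     - neither path nor hash seen
    """
    root = Path(root).resolve()
    by_hash = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = (Path(dirpath) / name).resolve()
            by_hash.setdefault(sha256_file(p), []).append(p)

    results = {}
    for win_path, expected in iocs.items():
        # Drop the drive component ("C:\") and re-root the remainder.
        local = root.joinpath(*PureWindowsPath(win_path).parts[1:])
        hits = by_hash.get(expected.lower(), [])
        if local in hits:
            status = "hash_match"
        elif hits:
            status = "relocated"
        elif local.is_file():
            status = "path_match"
        else:
            status = "absent"
        results[win_path] = (status, [str(h) for h in hits])
    return results


def build_demo_tree():
    """Constructed directory for a stand-alone run; not data from the report.

    Holds a stand-in adobsys.exe whose bytes (and hash) differ from the
    report's, and a small file whose real hash is used as a synthetic IoC
    to exercise the hash_match and relocated branches.
    """
    root = Path(tempfile.mkdtemp(prefix="ioc_sweep_"))
    (root / "FilesJ2").mkdir()
    (root / "FilesJ2" / "adobsys.exe").write_bytes(b"stand-in, not the real sample")
    (root / "Temp").mkdir()
    (root / "Temp" / "known.bin").write_bytes(b"hello")
    hello = hashlib.sha256(b"hello").hexdigest()
    iocs = dict(REPORT_IOCS)
    iocs[r"C:\Temp\known.bin"] = hello   # exercises hash_match
    iocs[r"C:\Gone\moved.bin"] = hello   # exercises relocated
    return root, iocs


def demo():
    root, iocs = build_demo_tree()
    return sweep(root, iocs)


if __name__ == "__main__":
    for path, (status, hits) in demo().items():
        print(f"{status:10s} {path}" + (f"  -> {hits}" if hits else ""))
```

Hashing the whole tree once and indexing by digest is what makes the relocated case cheap: a drop renamed by the operator still surfaces, while a path_match flags a rebuilt binary that a hash-only check would miss. Point `sweep()` at a mounted image or a mapped volume root on a real triage; the Run-key persistence noted in the Signatures section is not covered here because the report does not list the key or value.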