Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 121s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 11/07/2024, 03:42
Static task: static1
Behavioral task: behavioral1
  Sample: ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
  Resource: win10v2004-20240709-en
General
Target: ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
Size: 2.7MB
MD5: 5dc8d038ba899e75dae08732df2f08d9
SHA1: 59049183069ffa35f084209be6b4bf9efaabcbd3
SHA256: ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8
SHA512: e3e27f43b45dfd0471402d85397a31f26e65849e0cc9a6944734e09abfaf87faa51528b37b3899bd5fe2bdb5a2ed0e061231a85cf701ff0a1f361d11c6fb569c
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSp84
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2308  Process adobsys.exe
Loads dropped DLL (1 IoC)
  pid 2332  Process ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str)  \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesJ2\\adobsys.exe"  Process ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidDH\\bodasys.exe"  Process ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs, alternating between the two processes below)
  pid 2332  Process ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
  pid 2308  Process adobsys.exe
Suspicious use of WriteProcessMemory (4 IoCs, all identical)
  PID 2332 wrote to memory of 2308  Process 2332 ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe  procid_target 31
Processes
1. C:\Users\Admin\AppData\Local\Temp\ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe"
   PID: 2332
   - Loads dropped DLL
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. C:\FilesJ2\adobsys.exe (child of PID 2332)
      Command line: C:\FilesJ2\adobsys.exe
      PID: 2308
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 199B
  MD5: 47857dceb059a95eba318f54ac42072a
  SHA1: 396cc703d9b9156551b42f726594f4f2366c02da
  SHA256: 09068dd23eef79286e6212ac05d9ef9e43d13ae0aa1ffcabb872f17f3666236c
  SHA512: 5453615dbbe3d06886d1c887156c58cb69c1b64a24eb58399ce2cf0ca2b158d92db3553550a42c8ebb1d58788214b67a1d1dd37846d512eae25fc8ce13acc4a0
File 2
  Filesize: 724KB
  MD5: ce931e24db859aab3694d2f567e85741
  SHA1: 6884a3e86d86ea2550490139b7c72152d805a7fc
  SHA256: 2f917a0bf668e6da9b1a95f8ae4b84ccb721dca6f614404c82100bdc30c8b8e6
  SHA512: 5b6285d2bef3067d99a1816f4d8d51e090ae04b830783af9462fffe53f2c32bc72cfa25352830875b29fc8a49403a9dd3acf8a0bf793e0c86e5d13176c5b1cc3
File 3
  Filesize: 2.7MB
  MD5: a692fdb36bc8ef30032bd95c8066496a
  SHA1: d31f2cc10d606271407d6d579940c0fbb98a33ab
  SHA256: 08b69ea0ba1f6d1421532c3cb8a474bdee1b4b01025b2492700a1dd545437eed
  SHA512: 83a7636e0f007d3009ab4a43a2bc279499974831f5fba49d713badf61a893555a74a225f1fdd4fcbbff8e4d65ab2df3de1a1feb2f01599c65599b5e537b2fd48