Analysis

  • max time kernel
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2024, 03:42

General

  • Target: ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
  • Size: 2.7MB
  • MD5: 5dc8d038ba899e75dae08732df2f08d9
  • SHA1: 59049183069ffa35f084209be6b4bf9efaabcbd3
  • SHA256: ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8
  • SHA512: e3e27f43b45dfd0471402d85397a31f26e65849e0cc9a6944734e09abfaf87faa51528b37b3899bd5fe2bdb5a2ed0e061231a85cf701ff0a1f361d11c6fb569c
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSp84

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe
    "C:\Users\Admin\AppData\Local\Temp\ab4e5a3c78fec91b2eba015e419ddd3079a0cde1a915386ccbd794b8f68a92b8.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\SysDrvH0\devdobec.exe
      C:\SysDrvH0\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintCD\boddevsys.exe
    Filesize: 220KB
    MD5: 23d93d928c12a90357587ff387bccdfc
    SHA1: a8bd6612780d385f03ed72accb3f1ed108d44410
    SHA256: 92145b08641c27c9dddcb21076dbb565d6a6ca480b58e0347c98e9553ed4f9e5
    SHA512: 46117c6d0142bc78f452a1be06b3622b8fc362001a875263cc9f31a57c4f2e7aaf6cdf2b24088294ba13244cde0c40cf855f2789ea33f7004af2ca2029ae70fa

  • C:\MintCD\boddevsys.exe
    Filesize: 2.7MB
    MD5: 27cbab55b36bf7171fa7a8a7e246f88c
    SHA1: d4a8d959117aa61f8aa240d1eb3de270dc53dcc4
    SHA256: cfb9180c42267486f289d4691b0fffc7ebb97995fedadaa2e08b3bd5dd24d987
    SHA512: dab66005e2a9fd5ec9025845c5dfe37f066b029c407f1082f9545029415dc98b1bcc81760afc0ce8a432b7ac42759f13daa9f02b9f198a189f7c3bb0bf60ae3c

  • C:\SysDrvH0\devdobec.exe
    Filesize: 2.7MB
    MD5: 92369a08e06b9753fa4c883e418802d5
    SHA1: e1e103e2f3d939ec499157f4fa7ff726d49cfe2a
    SHA256: b434c4cfde1fa5a50156d1c2202690c87aefbaf73ff01dbd9246bab2b422be64
    SHA512: 4de38df8e6f61d68c0a49d4151c7ce284dc4b68359dd7039c724e5ee02d082f395abd05bc17de16b991ee1b3efffe860090fa35af09f77679b67e53ee425bf92

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 205B
    MD5: 23cbbdaef2325e99062ab8acb878f2eb
    SHA1: a2868f0b9b74935331a5abb0ab27fe7d26194c4d
    SHA256: b6714cc9ada0c882edc1d5d219331546786d63942bfa19b4696719f06857572b
    SHA512: 1f87cfdfb79ff5733f009d933e815760304f56963cb11c0bd4c8720afe29f4d8003fc3af7e6443b8ea2246e5995c356d44b74d26fd41b4611de15e12a1e5f556