Analysis

  • max time kernel
    149s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2024, 07:35

General

  • Target

    e8111e1716ee38bc5218cd7d3efd97e0fbc00a479ecb29e5eeb94131da2fb943.exe

  • Size

    4.1MB

  • MD5

    2c71610a8af94a64842addc2fc1baff7

  • SHA1

    f45f3090f9746115c015532e349caa4698bffb59

  • SHA256

    e8111e1716ee38bc5218cd7d3efd97e0fbc00a479ecb29e5eeb94131da2fb943

  • SHA512

    634dc913e929f705da619d5fd8ad773421f0578e0ef92a5e0f101c958a31b81eaf88aa023927c8cda4d303bd63519fbdecae51cb705669ec1c665b21dfc97aab

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpZ4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmO5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8111e1716ee38bc5218cd7d3efd97e0fbc00a479ecb29e5eeb94131da2fb943.exe
    "C:\Users\Admin\AppData\Local\Temp\e8111e1716ee38bc5218cd7d3efd97e0fbc00a479ecb29e5eeb94131da2fb943.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\SysDrvXM\devbodloc.exe
      C:\SysDrvXM\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2140

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\SysDrvXM\devbodloc.exe

    Filesize

    4.1MB

    MD5

    66f793173e87eb0301b8384abb23eeb6

    SHA1

    69175811b463980e1fb7aea043be1ba0c4aabf16

    SHA256

    71ed21e1c213bfb30cf4cb4924aaa96af309a03222bb6377be307538314a40d7

    SHA512

    902d075abcd445b1d66acedeba05f9fdaa8b20f52273884f7497d03e64a27fd4fad70f679133892768c9c3eba1daa989bec205cc7f8388ce163114188b40ce1d

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    cb5709f943b815e55c63e03426c96e8e

    SHA1

    6ea02597d29f4c30ec96722c7045146dc6577042

    SHA256

    018da091932e929465914ef3997b6773a103b5c16c7c9cf1a57ccdd0f472f8f7

    SHA512

    76de968ab3e2143da4b4d4d48ef5b1f91664458f15ae12f48e91ba5a393c9bfc4fb782c07ecade1d9fc18967515e2a02e19a0527dc31c6f3da126adae17d2d41

  • C:\VidXW\boddevsys.exe

    Filesize

    18KB

    MD5

    1fb6d5e30eaffc363132260571a751de

    SHA1

    aa4b8236d22ea4bd3feeedc1a6fd2c9b77cc2a67

    SHA256

    9e63d69d3ed9dd732691cd76fe140cf73fc4ae4656ff267961784f93dd6067c3

    SHA512

    6087f23e55dd0cb2283401aea58c779b29712b4e32ade4fb94d66ea8096aa04f4aa4a5f05b19298b58960550f01c5a614bfca297c5e5790493e24768678e3896

  • C:\VidXW\boddevsys.exe

    Filesize

    4.1MB

    MD5

    8ebfcc6bf5b08fa03a87f8ac3e5a7c48

    SHA1

    938cfb2260d1f2d697a8d1c2dd46e2f035b14984

    SHA256

    e2572fd9c4543aa6c9d8278dddad07c6e64080649ea88ec0346938a71c5ec064

    SHA512

    a1bb3d2fac669fe82d195ad01936423f587464b78b61fab8de18deb6b8477fc7be860212eb91ba8f976b567c91b8763676fd6acd6f1b75d5ba30a7f0b21cbafd