Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

45cf9b38c2...0N.exe

windows7-x64

7

45cf9b38c2...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45cf9b38c2abb92e59fb4a2995a91d20N.exe

  • Size

    2.7MB

  • MD5

    45cf9b38c2abb92e59fb4a2995a91d20

  • SHA1

    80ded2ec4435d3a1c6554be6a22ab0b56fc14bbf

  • SHA256

    18fab9097be31427c55fc1661ebf7635caa0e65a17965b01228b8505049a3ce7

  • SHA512

    0a6ec45908e9a9f21fb271e47813e23cfe4f0c3a3fbef1abdc477f8691b2a4cbc7d423e958d6206584808d7c0030218cb56cbeb6e32895cc51bd006781988b0b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSpM4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45cf9b38c2abb92e59fb4a2995a91d20N.exe
    "C:\Users\Admin\AppData\Local\Temp\45cf9b38c2abb92e59fb4a2995a91d20N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\AdobeX0\adobloc.exe
      C:\AdobeX0\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    33014e67da85ad38ca51c0b293f57894

    SHA1

    94b00bb07a21a5cfd9811b9a6227994ac06c25dd

    SHA256

    f97d4636a9ed24f1a0e96267df23f3ec6da10a8492dfbfcf6de2f53541611ee1

    SHA512

    aa3491cad9665f4b90839243fbcd48e8e67cd75d5a9ac7c9b1f4d3d1ffb1354bfa4203cf0903de8f158e8354e46f943c09c1a6087c36f58807f97d1f204f3b2b

    Download Submit

  • C:\Vid16\dobdevsys.exe
    Filesize

    38KB

    MD5

    a99ab379011cfafd66417cf00ac2d7d7

    SHA1

    ce3f51514c4d93324d766c3f1dc1c0eb0e38e97b

    SHA256

    5f17056a78ca3b5ee410b9daacb589608c92827bc3eb7bb318773182bc5a246b

    SHA512

    93ea54b6f7ea2a2f2100629baafdc7051d5bc8838b0f2e4e945575227cc1771ea7f7357bff9e12b262b7a9e3d5ebda2344d9b1224ad9d3fc3f90802e02d6569a

    Download Submit

  • C:\Vid16\dobdevsys.exe
    Filesize

    2.7MB

    MD5

    5c0783498d6b4be72db52943d5a8f975

    SHA1

    ee1769ba13b70295b07075170989242b9e4a14f3

    SHA256

    413ed67a370c23f25aec49603045d582389a4a7941c70d6af270c4aba2a110fb

    SHA512

    0135e3b2801f09120a981050cd33eee2dd373960b507f2d07bf8c8ef4d806c92ed35393587f94d704eede038def686469cda7fb45c2df56d8e329ed3047ef4f8

    Download Submit

  • \AdobeX0\adobloc.exe
    Filesize

    2.7MB

    MD5

    6f9c952168c927581dfe5e11be100241

    SHA1

    1f18caa147a3b88d017756756d2965de414eba95

    SHA256

    3022b59f605b46ac0ce2a0fb8f23258b9cfa5165416ce28c0b50d1604075ba36

    SHA512

    84a2538bc0a5e8d4c4e687a84ada9e80998386c01a3165649c33e915d091e5f861207c21e240f51c679221d5ad4d11c3aae66e9156faf7b8b7741726da78c9d9

    Download Submit