Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

02d7fcf26a...0N.exe

windows7-x64

7

02d7fcf26a...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02d7fcf26a18c26e4b9eec835eca6d50N.exe

  • Size

    2.7MB

  • MD5

    02d7fcf26a18c26e4b9eec835eca6d50

  • SHA1

    9632e89d1168d460dc44f7751a61ee0a982fd188

  • SHA256

    58b88628c2236ca689870b45609aa5a4bddb89394fa8565e91626a240d9d6f74

  • SHA512

    648756d5c9c82422ef352647852509d33ecbd06302e25aa1de5d2a329db5d6ee4e6bede68ad2942d5048360f0dbfb0e764a2899dc2a2eb4c476dd4c5f26aab7d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Sx:+R0pI/IQlUoMPdmpSp04

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02d7fcf26a18c26e4b9eec835eca6d50N.exe
    "C:\Users\Admin\AppData\Local\Temp\02d7fcf26a18c26e4b9eec835eca6d50N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\UserDotAX\xdobec.exe
      C:\UserDotAX\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZD3\dobxloc.exe
    Filesize

    2.7MB

    MD5

    56f68aadac154ba209a8935c72a22cba

    SHA1

    0dbfac4a09773249752f8a031d83027d0573beb0

    SHA256

    05fbcaadc2112a4985819e131fe4c6cca33d749f3558db15a7a95f9a5d06c963

    SHA512

    3f26af2ec4dab8612cb0b1d873429bd9a035aefb568ac4e8a06a3472d936a6435d9575554e67b0f4cfc6156510c49b00e3ce5e9ed8e27555ed60477f214a3e6b

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    08d2a2e85afafd25236692eb7c7a9e34

    SHA1

    fda3c96fb7616c0716797328c0e78e612b5660e1

    SHA256

    f3608f9ea10e402c8c25a220bcdff32f21b8f9989461ffd9d42f23fa1e0cc01f

    SHA512

    ab0b8096b4f1e933b7958958ecccff2be821a22e1329f2942e34aab020df43e6b89d71c1d3a0a6e82be9ce6c5e4ec2b17300a02174037957824b101fd3ac7af6

    Download Submit

  • C:\Users\Admin��
    Filesize

    2.7MB

    MD5

    e0509fa24492c3b2cec24e68d28b1812

    SHA1

    6e6e6343504d50f46097ffa58f75ff6fea8f7f90

    SHA256

    9b0885df320e7ff4569a69945dafb52ade472a00c591b98d8c3aad77880bd55a

    SHA512

    ebe0b47493e846e395d47c78f032d1e615c6db0b9c2ca807f3f18ae0bd3238698d3cb39342e4fa4dcbba99e745d2ca2dc6d857074f8a504ff3ee2375f2fbb99c

    Download Submit

  • \UserDotAX\xdobec.exe
    Filesize

    2.7MB

    MD5

    078b8d84ff9315833c75a69774df292e

    SHA1

    95da530092b8568c3516072131e989c69fe1df57

    SHA256

    7abe8dff81a7b0261c58edcb2c820cfe6beb41bdcd687b22240576d57159e1b9

    SHA512

    7bfc02824620824681494ec801ffa5062e31bb349825ca037c01a659cc7bddbd985033e66112338b699ffb37452e7b7a2ebbd9238fddab8dd069f75a07a47e91

    Download Submit