Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1b03326eb0...0N.exe

windows7-x64

7

1b03326eb0...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b03326eb0891edd6f64d4a7e006d7a0N.exe

  • Size

    2.7MB

  • MD5

    1b03326eb0891edd6f64d4a7e006d7a0

  • SHA1

    b31b549ceb576952220affe3d5c3cb39fb34f1ab

  • SHA256

    8d94fda133b16643fe8f28a71e5c5b0e7053666a6f782f9c141d990c465d7a6f

  • SHA512

    b0f06af1dfd48367920c41bbeef50e1998071f6666af5248247fad9c166e7b47329eff60e634602a8a999697ac25883cd997cbcc212d2b48ef05672d368155a7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4S+:+R0pI/IQlUoMPdmpSpT4X

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b03326eb0891edd6f64d4a7e006d7a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1b03326eb0891edd6f64d4a7e006d7a0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\SysDrvKT\xdobec.exe
      C:\SysDrvKT\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZXQ\dobaloc.exe
    Filesize

    2.7MB

    MD5

    13959ce59c86e3d1aabb75520b11ae5a

    SHA1

    b3735363c70ba314536566647d2505fe3d1c1135

    SHA256

    f72f12db75a68573b38c0069a82c2e9bf29caa93bb34044a54e7daf7f728659d

    SHA512

    7347ddd2e4a8a4310ddd948fab65aaf1166893efddda1a90e2698c5d8b17632b7349f2c321f3c7edc30386fb300cd0fa0af1039b5779dce14c669fd3adbc1a7a

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    cb0c163579b425c1edf013c486daea8d

    SHA1

    2c5ad20b0c4c734b94469960c5fbc1d210e4b186

    SHA256

    b4fa3d0a785579334bf4a373f1ab88428a556ed98116e8010cb3984257cfe3c1

    SHA512

    e09bfc3d34c290d298d430e885541a4bdd9110bdb4d32a01657cb737180007ac7b186984662f8cc78079e4753fbf598e3cb3098b3d482003f511f6f2eddb4f3e

    Download Submit

  • \SysDrvKT\xdobec.exe
    Filesize

    2.7MB

    MD5

    83acbf8fda238d677240f1be838447ef

    SHA1

    9b5c7529df551ce588cab4ac0d58ad60460f6862

    SHA256

    957c8512a4de36e8f888885d4442005cc09f30d06ec0c6135e4165595040aac7

    SHA512

    8e3bdff92addcf2b635c6126fab9417288303526528351a876afe8bf15068250dc8aa4493a1e9619cf090a41f000814e6f03509a8f74c3c1305805f4e8988d98

    Download Submit