Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

41ee6d44dc...0N.exe

windows7-x64

7

41ee6d44dc...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 02:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41ee6d44dc5dfb53682985465dd2cc40N.exe

  • Size

    2.7MB

  • MD5

    41ee6d44dc5dfb53682985465dd2cc40

  • SHA1

    615dc7d0096bd5b487a026d6af7111ae66c1a6d8

  • SHA256

    a2688f2ff0615ee8b272550985141b010001e953b82fb3ca09ebf88dbd2d57f3

  • SHA512

    2205aa337b78ba3b669c73cc20f98acb0e6d517070d3d767dd8ec749b81b97ff1350d29932f2348df2135c7ef9930ceea66d1f925066bcc4f008440be82a2c27

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4S+:+R0pI/IQlUoMPdmpSpO4X

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41ee6d44dc5dfb53682985465dd2cc40N.exe
    "C:\Users\Admin\AppData\Local\Temp\41ee6d44dc5dfb53682985465dd2cc40N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\IntelprocJ0\xdobloc.exe
      C:\IntelprocJ0\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    c529602a5b0684ed4fbaf7172cb72896

    SHA1

    cd79dcc0bdd6422773bb73065701200214c9d53f

    SHA256

    0c19206dc3ebead370838224f88de410443c7f6d748983ad76eb94618644c9e1

    SHA512

    29cf3459b54184e80fec672a44970b3abfaf3400bffde19934ad2264e8fd74519b186c502dc341eb554c925f35de050142afd77ab5f72108c6c3ad4c3906ef1f

    Download Submit

  • C:\VidTC\dobasys.exe
    Filesize

    3KB

    MD5

    c7b51062c87a208f9442963c2b20d250

    SHA1

    0e547612586c272a27827db5dbbed56d37a255e7

    SHA256

    e3b4eadabd908d54c7c9252808b2cf750431927782a3b7b3e596467be1bde3e0

    SHA512

    fa80cfdd204d057f6913115178e8c1aa005c35300a166dbe3f278d747a2bd73b6ffc6df2602db45993d1fb681a48db8e6b9a5567228ee5007c7d933035c55e9c

    Download Submit

  • C:\VidTC\dobasys.exe
    Filesize

    2.7MB

    MD5

    b8d3ac0aa19cd74ed2340b00536bf19b

    SHA1

    ecb5eeeb246db1ad0c910f1e517c3a8b1d0d249c

    SHA256

    a88f52dd66b2c5e566ab850300dbc7210abe912c2588da6894d93cc6536a9aa8

    SHA512

    8ab45d55ade55c1ec05c6b1fcac1a48cdfe4ce6a0da0ac4e574d13b6038aa510f72b55d331a4fb42df6c9ba981c8692e7f2fcc3b894956455a99b3bd04f37375

    Download Submit

  • \IntelprocJ0\xdobloc.exe
    Filesize

    2.7MB

    MD5

    0b5cd690723bfd7e273e2534357d0ad0

    SHA1

    2aab39c39632de88e2545b727dcdb177699a9a2f

    SHA256

    6fa3c52bc01cca1f96d5b4befe697f18faa88d0460d248e358ec713141e087ff

    SHA512

    c4c2abad832e31613bb1fd9b25fb0243699725fd6f9a8910b4871f593989f601b2325834dbf7b12167c11482e424719d0ca2444c2860d1e1f3a6eeb1f3868850

    Download Submit