Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1589949448...0N.exe

windows7-x64

7

1589949448...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1589949448e34351d5d4c4e5ef32b2d0N.exe

  • Size

    2.7MB

  • MD5

    1589949448e34351d5d4c4e5ef32b2d0

  • SHA1

    eba74eada380f8e45fa30d645d8b7a7d3308b8e3

  • SHA256

    5a0f2afdc89d63b364f9137f3537f07818e4d4090511b5369c64ced04fa1ae2a

  • SHA512

    07d9e42aa9eccbd1f614c4b183ab089547235226e8cbde5fa12406c387bcf5d6e2a2bdb9ef4f7c7697438a0c3895d8fb4a74e984b1d3d23e7f692c46d6796965

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBD9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1589949448e34351d5d4c4e5ef32b2d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1589949448e34351d5d4c4e5ef32b2d0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\AdobeK8\xdobloc.exe
      C:\AdobeK8\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZO9\dobxec.exe
    Filesize

    2.7MB

    MD5

    58c449228dc7751ce63c489cd4033842

    SHA1

    dcc5351fadc9e54bb2af2bb79a3e775f6b66f664

    SHA256

    cc6b8142e99ad5b2ea49d20f53995334e676cd4c1207cc026ccb47ec08915e0c

    SHA512

    744c66c8a029d1b910f47a8a4e034c5eeb9af10885f713cdb466b444ab5d6ff97cfced3f6863d8be2b1d12fce0691a842e1fcad49d8d7ec05d42fefe2551ef4f

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    7a2fc684b1b4cc1638ac87ebe1a7bc44

    SHA1

    6cd1307cbbbaffe174f69af51f076c830e8b37b2

    SHA256

    08c3fc9b5890a73c34d8097560a3215d5f2154a3a1ef75f23557026a18672376

    SHA512

    c11dc40ae10580200b53f95f2b1d363eac3f5e1c5b01fe3e60078d8d2a157ee879c63339c5481cff15cf5b10572276b45607060b1a61f18ca05ea5725f6acc02

    Download Submit

  • \AdobeK8\xdobloc.exe
    Filesize

    2.7MB

    MD5

    009f7a1192bb4e5b2763f8fa713f07bf

    SHA1

    8f100396874fa7887e3a5e00ca79c339adc7e32d

    SHA256

    42e88f2a93a974b064f5d6ea7449a6b9fb3fc1dde309122c53e004aa269b2d89

    SHA512

    d729348492ff73a93ca12e7169a6d79f131ec79f632e48e6d8eda7cf5522d010fc6857a704d7f835c3827cb4cc6ed149f01800e0e4bcaf9f7f76e7c15cdac730

    Download Submit