Analysis

  • max time kernel
    119s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20/07/2024, 06:07

General

  • Target

    59b45f17b13d799e6c4005d204fe8730N.exe

  • Size

    2.7MB

  • MD5

    59b45f17b13d799e6c4005d204fe8730

  • SHA1

    7bbd074484a03778f4c5a50f0e88ce5bf0e0c222

  • SHA256

    4d1b6346c8bc068c413a20cd8e9f814eb9c0fd94f2526edb271bbbb166feb744

  • SHA512

    88da31497b4f37aaee139168f8a077387057af5a6463f518b14bad9aa4112f24d0f22b221657132a91ed69961a54d4b554478b3d5791917eb74a6ed972d01e58

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4S+:+R0pI/IQlUoMPdmpSp54X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59b45f17b13d799e6c4005d204fe8730N.exe
    "C:\Users\Admin\AppData\Local\Temp\59b45f17b13d799e6c4005d204fe8730N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:828
    • C:\UserDotPD\devdobec.exe
      C:\UserDotPD\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2128

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax3X\dobxloc.exe

    Filesize

    2.7MB

    MD5

    6f12b2da66490073bf6728ceed2294b0

    SHA1

    62ca8947738cc97fd55f8c4aeff523b5a19b28cf

    SHA256

    b934016730729b3e49ebd43fa23ea7dcd7287d8287680ee830df53f329a93620

    SHA512

    2e2bf347d523d20e70cd9c76c6ffaceab086640a570733d7010d83d07f31bdcbdc404003d0c482364388a27d39882b853d5911ebdf3ceefdff84fd7c109caa1d

  • C:\UserDotPD\devdobec.exe

    Filesize

    2.7MB

    MD5

    2b0ea5613e22ce7b992e585dba6a2259

    SHA1

    af15a6aa982699c8a5138b8ff240efa3f0444e19

    SHA256

    7f2c531d0bf658dd1965d49ca3b19c2d59f4b118143fa5eb22c5efd4d59573d3

    SHA512

    09b3154080c0caa662b4df2c30d03fe212e07834eca87bb8d1b72225ccda08280b830e9ce0f29b7ad2165eed26b6b07c615d99a7a87d98c186140b81299763ff

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    20a40f225c908c80a6a4281586315399

    SHA1

    45af43d8b9639ecaaedf8d1339530f7e682dc477

    SHA256

    ba2e365ecbb29cef7bc57dfc2b94ec4609eb58d5914a200767a061884de273c2

    SHA512

    9a0c053c1507672e74d045285123173fc96aa6b2ef8e3b2f073a4c2095c0bccc3938652149f81589cd76b12583dba3a9179d2d5a815c97f83eb146c36a77453c