Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

847081187c...0N.exe

windows7-x64

7

847081187c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    847081187c19357b60bfc03f1d9f5750N.exe

  • Size

    2.7MB

  • MD5

    847081187c19357b60bfc03f1d9f5750

  • SHA1

    238a0d33f33721cad445cc3a6d0e20202e88c0e3

  • SHA256

    7e8cba672d3510710e94b10f1b6bd3e2b264449cea90a75b7378bf85e631f9ea

  • SHA512

    551d9ad16bf02cc1a26f3e59cf4fa7fec942c2081e73f900ae00ff34094041445fd1cc97bf3d4ddf5246141eb3aa46cc8aeb8b7ff77c397e6cbc8b9fdf380cd2

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpb4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\847081187c19357b60bfc03f1d9f5750N.exe
    "C:\Users\Admin\AppData\Local\Temp\847081187c19357b60bfc03f1d9f5750N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\SysDrvX0\devdobec.exe
      C:\SysDrvX0\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    6133197efb15d73b71a522c46369899c

    SHA1

    7a4c0a0904c261a0500474b6e25c1d4820ed9057

    SHA256

    7b3697fc6bc2510c258b8ab7657530bec25f82880ccacdb4ba27b129d9cd62e0

    SHA512

    0bc1af955bdfe4af5da65c8a16eae8fe35fb6ce410db3f802debbe3b6d17ad681b6b88e766ccd8c21efe27ecd8ca77f40d6123210661d42da82e855f85d67e9f

    Download Submit

  • C:\VidXW\bodaec.exe
    Filesize

    2.7MB

    MD5

    e4de5ddb8b7d5eeb53a9282a1722747a

    SHA1

    f7978233e74beacaf5d9768a11d2e10f6b7fbb69

    SHA256

    a38a23868e3f8cac42fd8f8f0e779347df44d6f2581402948ab751d5d1acdba8

    SHA512

    572dc049f5be290e14aa34be608db17fc3a1e024538c7fa411e77db287315d7310d7321d82e6e88541a9db4051befbd42dd8f76d5c2680c4bb3dbc3a3987ea25

    Download Submit

  • \SysDrvX0\devdobec.exe
    Filesize

    2.7MB

    MD5

    4cf6795d9b0e5e997f4da6feba50d327

    SHA1

    1cd04b0d2b63e5c314e762993d47b80caff5e398

    SHA256

    e676359e06e25c0ff58278937c1fb7219456885857a6a197be46c12cb16c76db

    SHA512

    64c4b6ca99ad20fdf42fe5c9750c05882929d7addb7ebec80ace0b0f2e88ca3c5186a7df407cf5882c84d84a9462ee12190945568fb59b1b4fbfcdddd1acdec1

    Download Submit