
Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    22/07/2024, 04:44

General

  • Target

    609778445692760644343b045a142df0N.exe

  • Size

    3.1MB

  • MD5

    609778445692760644343b045a142df0

  • SHA1

    73dffe5fe6d8317cd90f3bc262ee6fe9e6de6df5

  • SHA256

    b761f278b6ebe8aeb7da5a52df097fc86ca43aaeaa02019c9789750bad66f076

  • SHA512

    bb13ba4a7daa7ac2f9eaf0dd1820d248823f9c954a4af1addd96ff5b7779a7fbf1b1641fba6895c5ad5629ae67fc89c54934a65ad369470e8851fb87afdbbd65

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Su+LNfej:+R0pI/IQlUoMPdmpSpx4JkNfej

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\609778445692760644343b045a142df0N.exe
    "C:\Users\Admin\AppData\Local\Temp\609778445692760644343b045a142df0N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\IntelprocV4\devbodec.exe
      C:\IntelprocV4\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:816
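The process tree above shows the two behaviours behind the "Executes dropped EXE" and "Adds Run key to start application" signatures: the sample in the user's Temp directory (PID 4932) writes C:\IntelprocV4\devbodec.exe, registers it for autostart, and then it runs as PID 816. The following is an added example, not part of the tria.ge report or its detection engine: a minimal detection pass over constructed Sysmon-style events (ID 1 process create, ID 11 file create, ID 13 registry value set) that reproduces both verdicts. The event records, field names, the parent PID 1200, the SID and the Run value name "devbodec" are constructed for illustration; the report gives only the paths and PIDs.

```python
# Added example: detect "Executes dropped EXE" and "Adds Run key" from
# Sysmon-style events. Events are constructed; paths and PIDs 4932/816
# are taken from the tria.ge report, everything else is assumed.

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\609778445692760644343b045a142df0N.exe"
DROPPED = r"C:\IntelprocV4\devbodec.exe"

# Lower-cased key fragments that mark autostart locations. RunOnce is
# included because it is the same persistence class.
RUN_KEY_MARKERS = ("\\microsoft\\windows\\currentversion\\run\\",
                   "\\microsoft\\windows\\currentversion\\runonce\\")

EVENTS = [
    {"id": 1, "pid": 4932, "ppid": 1200, "image": DROPPER},
    {"id": 11, "pid": 4932, "target": DROPPED},
    {"id": 11, "pid": 4932, "target": r"C:\Mint8G\bodaec.exe"},
    {"id": 13, "pid": 4932,  # value name "devbodec" is an assumption
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\devbodec",
     "details": DROPPED},
    {"id": 1, "pid": 816, "ppid": 4932, "image": DROPPED},
    # Constructed benign noise: an editor writing a document and a
    # per-user Explorer setting, neither of which should fire.
    {"id": 1, "pid": 2000, "ppid": 1200, "image": r"C:\Windows\System32\notepad.exe"},
    {"id": 11, "pid": 2000, "target": r"C:\Users\Admin\Documents\notes.txt"},
    {"id": 13, "pid": 2000,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def executes_dropped_exe(events):
    """Return (creator_pid, child_pid, image) for every process whose image
    path was written earlier in the stream by a file-create event.
    This mirrors the sandbox's 'Executes dropped EXE' verdict; the child
    does not have to be spawned by the dropper itself."""
    written = {}  # lower-cased path -> pid that wrote it
    hits = []
    for ev in events:
        if ev["id"] == 11 and ev["target"].lower().endswith(".exe"):
            written[ev["target"].lower()] = ev["pid"]
        elif ev["id"] == 1:
            creator = written.get(ev["image"].lower())
            if creator is not None:
                hits.append((creator, ev["pid"], ev["image"]))
    return hits


def run_key_persistence(events):
    """Return registry-set events whose target lies under a Run/RunOnce key
    (the sandbox's 'Adds Run key to start application')."""
    return [ev for ev in events
            if ev["id"] == 13
            and any(m in ev["target"].lower() for m in RUN_KEY_MARKERS)]


def triage(events):
    """Attach signature names to PIDs, the way the report annotates
    each node of the process tree."""
    findings = {}
    for _creator, child, _image in executes_dropped_exe(events):
        findings.setdefault(child, set()).add("Executes dropped EXE")
    for ev in run_key_persistence(events):
        findings.setdefault(ev["pid"], set()).add("Adds Run key to start application")
    return findings


if __name__ == "__main__":
    for pid, sigs in sorted(triage(EVENTS).items()):
        print(pid, sorted(sigs))
```

Run against the constructed stream, PID 816 is tagged "Executes dropped EXE" and PID 4932 "Adds Run key to start application", matching the tree above; the notepad events produce nothing. On a real host the same logic applies to Sysmon or EDR telemetry, with the caveat that the autostart value name and the exact hive (HKCU versus HKLM) are not given in the report and must be taken from the actual registry event.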

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\IntelprocV4\devbodec.exe

    Filesize

    3.1MB

    MD5

    77d6f6150ec68296750c477a39b823cf

    SHA1

    e3270c3f92ccc2a5ef20600ee4c5b7dcd2b00a15

    SHA256

    34ee890f0e62f39518a920327756f99c9a89f80cdaf67fd6e8fe8caa7fdb7544

    SHA512

    8e72ff5e89f56c3d839bedc1d7e1fa51659c2b2f243e52d61eede5aba526997c6d4515784b1876380f61f7cbdf3febc13a66fa9b667ea97eda18f62de81c1505

  • C:\Mint8G\bodaec.exe

    Filesize

    7KB

    MD5

    6a2bcaa62ba0181eec685eee3e4c187d

    SHA1

    3aa5f45a220d8753f3ccba0c3dec09390ec27cff

    SHA256

    f0b3c0c4be6bbe16b3e2ab148026ab961cb45984a6db5ae2a2382c84bdb132c5

    SHA512

    b53cc3525de065b6028330587ca19a4261685d08b4d463b469df9f8aeffc94cea29c5ed316939a7aa77ff7e0f6cbc5b5fb26a3c5df2a364ebabc311c6a186b8a

  • C:\Mint8G\bodaec.exe

    Filesize

    3.1MB

    MD5

    3cbedee009307430e1ae301ca4712f02

    SHA1

    da705abfb755311978517dc4ab366c52dfe98fd8

    SHA256

    df3e52d3da58c2345a9944d76daa3fc64fd8663321eca6a2622fbe3cf95914fe

    SHA512

    9796205e31fbf0f36f09d488a7d0a85eb2d1232c79cfc459c77923995e9abbfa7a0a8debf64cfb28ff5a253da5334a244236e0a9855cb2495ede2cba4f51b99f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    496f40d351bee79e527a4b825e0d0271

    SHA1

    3e3f58df09450b1d8b5b1fb4e3e34115a99b355f

    SHA256

    53ed26589e5f355fd5e85ca1b78b2d45babcf33877e855cb14599f393fe4e80e

    SHA512

    665e8329888aba9a3c56632c7f661682c4bc4df59f230bb9d85e4b8c2a6e5aa989afc15465aded3f099446dd11c7847939a8dc7c21e67646462b9b183702c14c
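The Downloads section is the file IOC set for this sample. As an added example, not part of the tria.ge report, the script below turns those hashes into a small offline matcher that hashes files under the two drop directories named in the report and reports any content that equals a recorded artifact. The hash values and sandbox paths are copied from the page; the directory list passed to the scanner and the benign test content are assumptions for the example.

```python
# Added example: match local files against the file IOCs listed in the
# tria.ge report. Hashes below are copied from the report; the scan
# targets and the sample bytes used for testing are constructed.
import hashlib
from pathlib import Path

SAMPLE_SHA256 = "b761f278b6ebe8aeb7da5a52df097fc86ca43aaeaa02019c9789750bad66f076"

# (sandbox path, md5, sha256). C:\Mint8G\bodaec.exe appears twice because
# the sandbox captured two different contents at that path (7KB, then
# 3.1MB); only the last write survives on disk, so the 7KB hash will only
# ever match a write captured in flight, not a post-infection file scan.
REPORT_IOCS = [
    (r"C:\Users\Admin\AppData\Local\Temp\609778445692760644343b045a142df0N.exe",
     "609778445692760644343b045a142df0", SAMPLE_SHA256),
    (r"C:\IntelprocV4\devbodec.exe",
     "77d6f6150ec68296750c477a39b823cf",
     "34ee890f0e62f39518a920327756f99c9a89f80cdaf67fd6e8fe8caa7fdb7544"),
    (r"C:\Mint8G\bodaec.exe",
     "6a2bcaa62ba0181eec685eee3e4c187d",
     "f0b3c0c4be6bbe16b3e2ab148026ab961cb45984a6db5ae2a2382c84bdb132c5"),
    (r"C:\Mint8G\bodaec.exe",
     "3cbedee009307430e1ae301ca4712f02",
     "df3e52d3da58c2345a9944d76daa3fc64fd8663321eca6a2622fbe3cf95914fe"),
    (r"C:\Users\Admin\253086396416_10.0_Admin.ini",
     "496f40d351bee79e527a4b825e0d0271",
     "53ed26589e5f355fd5e85ca1b78b2d45babcf33877e855cb14599f393fe4e80e"),
]


def digest_bytes(data: bytes) -> dict:
    """md5 and sha256 of an in-memory buffer (used for small files and tests)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def digest_file(path) -> dict:
    """Stream the file in 1 MiB chunks so large drops are not read at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def match(digests: dict, iocs) -> list:
    """Return the sandbox paths whose recorded sha256 or md5 equals the
    given digests. md5 is accepted because older feeds carry only md5,
    but an md5-only hit should be confirmed with sha256 before acting."""
    md5 = digests["md5"].lower()
    sha256 = digests["sha256"].lower()
    return [path for path, ioc_md5, ioc_sha256 in iocs
            if sha256 == ioc_sha256 or md5 == ioc_md5]


def scan_dirs(dirs, iocs=REPORT_IOCS) -> dict:
    """Hash every regular file under the given directories; map each local
    path that matches an IOC to the sandbox paths it matched."""
    results = {}
    for d in dirs:
        for p in Path(d).rglob("*"):
            if p.is_file():
                hits = match(digest_file(p), iocs)
                if hits:
                    results[str(p)] = hits
    return results


if __name__ == "__main__":
    # Drop directories from the report; adjust for the host being examined.
    for local, sandbox_paths in scan_dirs([r"C:\IntelprocV4", r"C:\Mint8G"]).items():
        print(local, "matches", sandbox_paths)
```

Exact hashes only catch this exact build; the SSDEEP value in the General section is the handle for near-duplicate builds, but fuzzy matching needs the ssdeep library and is left out here. The 205-byte .ini under the user profile carries the Windows version (10.0) and the user name in its file name, so its hash is specific to this sandbox run and should be treated as a path pattern rather than a content IOC on other hosts.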