Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26/07/2024, 13:24
General
-
Target
129c3c25f9894fcf66083b2846b52770N.exe
-
Size
2.7MB
-
MD5
129c3c25f9894fcf66083b2846b52770
-
SHA1
e5c0f290b97240c9c5cb89db697c6f19e66f9ea2
-
SHA256
3287fce9623e997a1cf40dea073aee220b4ef82be75b4e72cc29583c73fec1c5
-
SHA512
c62f0e552f511372e18bafac65683b9d7b839a17d3c8812b7a4387b3237c66749ccf55c473e325b2c643f74d8b8929f17bbaf6314ff9207e527412bf87b6594b
-
SSDEEP
49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSpv4
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\129c3c25f9894fcf66083b2846b52770N.exe"C:\Users\Admin\AppData\Local\Temp\129c3c25f9894fcf66083b2846b52770N.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\UserDotBW\adobloc.exeC:\UserDotBW\adobloc.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.7MB
MD5b05545e75e852223878a82c717e9c2ae
SHA1736323463733618bcf94087d1976f600a0e214c8
SHA256c13b5179864d1680cbcc6eb6b852c01a0601cd392a36c0e2d238c407de9f762e
SHA512ac368d7197a2d8b6dd95d3d78829932abcdd8ce860131b099c574f9f43979ba8e3b404a07017dc889950cf372fbda557d91f53283042f4411cad4e4b046c9b43
-
Filesize
2.7MB
MD53abb56f244c26eb548ce0ce732cc0084
SHA1e56c960a787f9ee8e9d143124af682066d84c8af
SHA256f92ac18ec685a132b5127e8296d9e90703ffa2319b2b4fc147b5af8f4794e5c9
SHA5124c6301ff12cc82f62e83cd72fb9f40ef4a9f68a8ef329f979fd3d78ffd9405dac81083013b5c6c78961f867bc29092da1850658079b9148f8c13a37b348263a7
-
Filesize
204B
MD564da390b5f798d7b0842c9af0b315db5
SHA1b22a8b3c966316c621bd58c6c34df04895a6f00c
SHA256d4f9a3e02210954e25d5eb60dc278c4c9f8e6b08aa01b13c3c221948ce3e699e
SHA5126f0a68b936b239657a5ad3ca21bd20889eb27a5bce5bb49f78e190ee628c5df6f3c17dc388b46450ce930c0f40dc65252f8555ffcd1caa2aae63556583c81c12