Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

300a8a0cfc...37.exe

windows7-x64

7

300a8a0cfc...37.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe

  • Size

    3.1MB

  • MD5

    e70e6e4a6b5e648cd1d602fff778c83a

  • SHA1

    fdcefcf2b24257b4f34df55b5d2c7db579432105

  • SHA256

    300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637

  • SHA512

    ac638bfa41a6dac78a441d35e32e8632a0f067b6b4d672a3764b6696ab53a4b3bcc916557ceaaf8ef6773c72aab83c16941776a050a01bdc3c5cd97c195ee5ec

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Su+LNfej:+R0pI/IQlUoMPdmpSpy4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
    "C:\Users\Admin\AppData\Local\Temp\300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Intelproc2K\abodsys.exe
      C:\Intelproc2K\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBQC\dobaloc.exe
    Filesize

    3.1MB

    MD5

    2bf9159686c59cc65617e49889e758b0

    SHA1

    72957e5e5c67feb54282eda7e8238f4e3ecbbfa7

    SHA256

    735defa5ac231777b86595ff446946ef2dc46c1cfe7d5438967d834ef1aac519

    SHA512

    4b4d6351fc28d11a689b7f8708a808de0edc41c44daec085611c04325d64cf4eb1d1aee5e0f9995293ec2105906512af86e7b3973156114480beb3c3dc7f52b9

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    16f47cf026ddce14878efd4ca26309d9

    SHA1

    41b1acc028f0e69fe0d246d85097215f0f12254f

    SHA256

    4a98d1d42d0f61bd7bed147da8226eaa8836ab433a2efdee8cba429f79d91087

    SHA512

    ff31299281e4c030a88ad8ac965b40efc77438b60f0c6888bc4b24f6bf84b70c4933947981803d626eea0e08068b19432ca2b033276042a2ace208e5e302b2d4

    Download Submit

  • \Intelproc2K\abodsys.exe
    Filesize

    3.1MB

    MD5

    b34a57e311831d89e5ebb3a0568cbbc1

    SHA1

    602c5e6d69b2c33a2edb338db13c0749ee7d8ee1

    SHA256

    2f8116fe96fe5f58f82e2f6421f62fa5d1018d4e7180dfa12e02e59479027b87

    SHA512

    a39cd66ace89fc7722cdc30226a9282f2bbd76b5f7e00c4d8d109986abc906cdf58f09af9fee53033632f9318d27e92faf7ea0a4c266ee4ac64b4b303c853edc

    Download Submit