Analysis
- max time kernel: 149s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240730-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/08/2024, 21:36
Static task: static1
Behavioral task: behavioral1
- Sample: 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe
- Resource: win10v2004-20240730-en
General
- Target: 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe
- Size: 2.7MB
- MD5: 79e707efb222bb121befbbc316c4852f
- SHA1: f292ab6753800e4742296087f6f03aaadb215cb8
- SHA256: 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8
- SHA512: c861fb2fcf4879d3d2a0389f0e2c99285f842d8a9aeb4498ac2cbb2c798c2a5906db5bfe7158ac1a8b7c354644111282c3be9ffc535fd2f0410aa7ce3ab21cd8
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBg9w4Sx:+R0pI/IQlUoMPdmpSp64
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2460, process abodsys.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str): \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintTC\\bodaloc.exe" (process 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe)
  Set value (str): \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeBP\\abodsys.exe" (process 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe)
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe)
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process abodsys.exe)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3528 wrote to memory of 2460 (pid 3528, process 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe, procid_target 86)
  PID 3528 wrote to memory of 2460 (pid 3528, process 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe, procid_target 86)
  PID 3528 wrote to memory of 2460 (pid 3528, process 2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe, procid_target 86)
Processes
- C:\Users\Admin\AppData\Local\Temp\2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe (PID 3528)
  command line: "C:\Users\Admin\AppData\Local\Temp\2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe"
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\AdobeBP\abodsys.exe (PID 2460)
    command line: C:\AdobeBP\abodsys.exe
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2.7MB
  MD5: 95f9624e936f8031397a56771573f28e
  SHA1: 621d0af715d5269e957585e3342d271efd5ecb9e
  SHA256: 7f2d7b18c72d7bf1b96e97f97542389aa42af91cbbe75e0bf8621d119644f4d5
  SHA512: ac87e31cee6d6e6f62c96b9f9513a39344c3747fed68424c1fba1d7d3d7f092ed110f5bfa6646e941e5693863d403c95560bcc2e38d810775c5ac46a2800b4ec
- Filesize: 2.7MB
  MD5: 87d74fb47c9c0d581702b133a17c1ac4
  SHA1: 95d07477219f7067231df05f256d487059e1e81f
  SHA256: da4e88d734f1fb728ee32b3d49dec693d62feecf86ddb6e79f4db55b48f2ffb3
  SHA512: 4188a1b64b9fb73324197a3105eb9addb93679bb5dac768bd44ebbae645bb11c72fdc1a14571e836f7593aafba1060c054a29efd5d3f2a431ca0798ca7a7b2c5
- Filesize: 199B
  MD5: c18c082d6c54f4ae3ffa14f88b8e78ad
  SHA1: 28910a2f2e3a7de288f587c3e7909ef21be3afe5
  SHA256: 7a46032a884f59f3d846ab03923b8d6080cc8f1f97d3e4a94d5eee1c0eb8b141
  SHA512: 9f01fb287359c31d4538de4cefcb33e2166d80d48b6ac5f7d29ac35567d2092eee74ff9ff6c3bf8ce92d0b7a4d3a62ebd97d82fdf4ca9d1c4009151e9a421db6