Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2720736df5...d8.exe

windows7-x64

7

2720736df5...d8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/08/2024, 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe

  • Size

    2.7MB

  • MD5

    79e707efb222bb121befbbc316c4852f

  • SHA1

    f292ab6753800e4742296087f6f03aaadb215cb8

  • SHA256

    2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8

  • SHA512

    c861fb2fcf4879d3d2a0389f0e2c99285f842d8a9aeb4498ac2cbb2c798c2a5906db5bfe7158ac1a8b7c354644111282c3be9ffc535fd2f0410aa7ce3ab21cd8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBg9w4Sx:+R0pI/IQlUoMPdmpSp64

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe
    "C:\Users\Admin\AppData\Local\Temp\2720736df549517979625caba8a0a8dd7f23622683e46f3831d10e3d43b0eed8.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\AdobeBP\abodsys.exe
      C:\AdobeBP\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\AdobeBP\abodsys.exe
    Filesize

    2.7MB

    MD5

    95f9624e936f8031397a56771573f28e

    SHA1

    621d0af715d5269e957585e3342d271efd5ecb9e

    SHA256

    7f2d7b18c72d7bf1b96e97f97542389aa42af91cbbe75e0bf8621d119644f4d5

    SHA512

    ac87e31cee6d6e6f62c96b9f9513a39344c3747fed68424c1fba1d7d3d7f092ed110f5bfa6646e941e5693863d403c95560bcc2e38d810775c5ac46a2800b4ec

    Download Submit

  • C:\MintTC\bodaloc.exe
    Filesize

    2.7MB

    MD5

    87d74fb47c9c0d581702b133a17c1ac4

    SHA1

    95d07477219f7067231df05f256d487059e1e81f

    SHA256

    da4e88d734f1fb728ee32b3d49dec693d62feecf86ddb6e79f4db55b48f2ffb3

    SHA512

    4188a1b64b9fb73324197a3105eb9addb93679bb5dac768bd44ebbae645bb11c72fdc1a14571e836f7593aafba1060c054a29efd5d3f2a431ca0798ca7a7b2c5

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    199B

    MD5

    c18c082d6c54f4ae3ffa14f88b8e78ad

    SHA1

    28910a2f2e3a7de288f587c3e7909ef21be3afe5

    SHA256

    7a46032a884f59f3d846ab03923b8d6080cc8f1f97d3e4a94d5eee1c0eb8b141

    SHA512

    9f01fb287359c31d4538de4cefcb33e2166d80d48b6ac5f7d29ac35567d2092eee74ff9ff6c3bf8ce92d0b7a4d3a62ebd97d82fdf4ca9d1c4009151e9a421db6

    Download Submit