Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1e68534366...d4.exe

windows7-x64

7

1e68534366...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e68534366344db8cd3dd0a60fae3bcc14ab7408c9d1bba1421c83d38cf4d9d4.exe

  • Size

    3.1MB

  • MD5

    3c42714034cd9bb851ea0f3f031f4f85

  • SHA1

    2d762fedabee69e7d4ade09bc96528056a148c7c

  • SHA256

    1e68534366344db8cd3dd0a60fae3bcc14ab7408c9d1bba1421c83d38cf4d9d4

  • SHA512

    4934e07910cb7a5b0abc4b5413a33cc890247ec52e2fb6534dfae43fef7c335669d0d48750ed41df090430bd36ca8edf7eaa96ff8ed38982bd33f425b56952ce

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBJ9w4Su+LNfej:+R0pI/IQlUoMPdmpSpR4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e68534366344db8cd3dd0a60fae3bcc14ab7408c9d1bba1421c83d38cf4d9d4.exe
    "C:\Users\Admin\AppData\Local\Temp\1e68534366344db8cd3dd0a60fae3bcc14ab7408c9d1bba1421c83d38cf4d9d4.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\SysDrv5O\abodec.exe
      C:\SysDrv5O\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZG5\dobasys.exe
    Filesize

    3.1MB

    MD5

    431ebf7b7d99b9fe1710f6253a5d3c8d

    SHA1

    535fcf9925b1e6fafa90462dbd260c0cff1c5b70

    SHA256

    9d9ee33c282b8c595ae815aad76204b8779c458ae6cdcc55ac4956db5f0b167b

    SHA512

    0e17dadf3a994a86f69fdc6afac7ae62e55afb1fcae0f3ce1ad827b6f264aed4456e62531e13652544acaca22b1ccd9b057e92cf2bb3f803c3caf8a7a0a06c7c

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    177263994e8202d9bb3996b85766cd38

    SHA1

    d47faddaa20cfabcb26c67f04be56cd148f7a416

    SHA256

    fcf1e1995f1026a8498880c8b3ed6faf86666c60d0516dd4323c6e6628a1fd83

    SHA512

    c1da7beb9812357bec56576dc169321926b38d208c001354c58eac0ec0d9badda394ec16d6251cbea94642e2d9b31125e22a0eed0e37e50aa5e1384faac11551

    Download Submit

  • \SysDrv5O\abodec.exe
    Filesize

    3.1MB

    MD5

    405f8fb4f15b4674977ba8bfcc3af316

    SHA1

    32b54be44870a982dfe3346266dd1b04b2ccb76f

    SHA256

    15e2303b5de55eb53401f965a36ccd4a8f469af5c1d52746c4ed635c29cc4ed7

    SHA512

    06dd08154cd23c011255e41462d207779e1a5fd09b71d16a7a70771304e54bf7a0806ee286dd3b3e7b9ecdef9e5764545c27d4553d3578efe6dfd01ed36f50ac

    Download Submit