Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/08/2024, 03:49

General

  • Target

    46647e4b023fdac71ad646e3d12601e0N.exe

  • Size

    3.1MB

  • MD5

    46647e4b023fdac71ad646e3d12601e0

  • SHA1

    be3fbc70c5c5e3748cf6a00355eb23ed38dd8fd1

  • SHA256

    d73aaee8bc93378bd9f4ad4859655d879d0aa6dbd78da220b169fa8e3cfe3c6b

  • SHA512

    49c91d1f9fdbe34c3247aad78fe18135d16429d7c83872371087686704fa149b1e9563cdcff508c758cf1aea049f399e514786e60636e6bfa4efe937159a4a61

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Su+LNfej:+R0pI/IQlUoMPdmpSp24JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46647e4b023fdac71ad646e3d12601e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\46647e4b023fdac71ad646e3d12601e0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\UserDotT2\abodloc.exe
      C:\UserDotT2\abodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    4e6548dd9c047814b27b670f68e1c132

    SHA1

    b8d7d542c61fcf8307c607e73e3b963d0829583c

    SHA256

    ddb6513e09b8a97d7b36c48a9aa959c172283838e1a0aed93efc43c53e893be4

    SHA512

    981d062fc1be36de5366eb171e6958cddcdc2d1d27a843af75bea16c60f23670d4417c342b2fa4540fe2036d1b93d9e66d401c830aedb6aafd915555e4307ec6

  • C:\Vid8I\dobdevloc.exe

    Filesize

    3.1MB

    MD5

    cf6ab6fa0d5aec559a447668badc5a2e

    SHA1

    53a368145acc20583b9ffad6ad64cb20ebe825fe

    SHA256

    eb426ea0cdebb2155a20bbc2658e7e615eeaaf402ba24db711fc08c5701505f7

    SHA512

    768b561e772ea0fc73389aa20273e45a132c5288fd8579097e8fa5e9abe56f8bd296f73d36ade26f22f447ddc077c6596d94153ccc3aaaefbc0ec87003f2fcb8

  • \UserDotT2\abodloc.exe

    Filesize

    3.1MB

    MD5

    7141e40c944f9e7e1023f52ecf8e67fd

    SHA1

    8201a1a51ed4f331797138d2736d56546be4cf2b

    SHA256

    0c6172314e49332624c3168b80434108182b0bdd5f42a067a9a1e5c9d20baf92

    SHA512

    6f19c581599661410e0e0abb14d3ee5ff1f0c95afb97253f88af09a60ac5b01b964c1d2a70ebec4b4a813cca7bea7b44d7db030235b5c32e0ad3514d697a86e2