Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ddba06d576...d7.exe

windows7-x64

7

ddba06d576...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/08/2024, 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7.exe

  • Size

    2.7MB

  • MD5

    617b35f38748aed9d3ab8e269e49b7f8

  • SHA1

    ab549551f6c87858b4ab4f1f79b4b08fc14bf53c

  • SHA256

    ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7

  • SHA512

    56a7696c0ddc7e853d63797477ad3e7560d37d80759bd7980f9cbecbdb2bba8bc07a06f83d552a6f4d63e04b4733d63f6b2b9235701d22df75be77bad68c9758

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7.exe
    "C:\Users\Admin\AppData\Local\Temp\ddba06d57625c8b4176b548351225a35c316ae9dd8fdf3c25d1c7a5cba78e9d7.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Adobe70\devbodloc.exe
      C:\Adobe70\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Adobe70\devbodloc.exe
    Filesize

    2.7MB

    MD5

    732ef919eddcd5df1c6060069cae3460

    SHA1

    62eb89c327d79aaf360cf87b12a095a7bd859efb

    SHA256

    79bdf9da481fc7f2bd09f78212b0fa9b217ca1513d1d781ea1c28874191a7293

    SHA512

    a5868846786fa9b60239494cd6b633a5d78aeb55af082d4654757140a9f7ac8ffc58ac8d72fa206df8e96d0f767900d8f757bb7da1e09441e5d761150c60b916

    Download Submit

  • C:\MintQ1\bodxsys.exe
    Filesize

    230KB

    MD5

    16444c5d04b9aedbef4c67d049d65a41

    SHA1

    0868eab7a268895ecc0394da8d0d34ac1c4d85e8

    SHA256

    b492b22bff0b934dbb8a1ebc89365c62d4ef4c17d5488e71a031087c7c954e58

    SHA512

    6ab065d4e2442c0467cff270c414ba554c631844b2af1bb94c8829acbe5956a0126394f41d86f15c2df3fba79d1e22742d9c71c0d7f13016e7dca6cce0d931f5

    Download Submit

  • C:\MintQ1\bodxsys.exe
    Filesize

    2.7MB

    MD5

    976fbe520d0a6b51b369dc6f7621bf89

    SHA1

    901972746b8866b50d970eda9cd3ac396f204dec

    SHA256

    4659e6270b46097d7f2803bf852102b521230705a9c73c76e9520c07f52bcd78

    SHA512

    431d296fa287750cf272f99b8c109e8b5f15fd60af85c767afbf40a4b0694c96495760bf1be5fdc6b61b090ba5ad63a3a7dcc212ab8109949025a542598b1f30

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    51a1df75041b82ac25c6202286d309c4

    SHA1

    b8a0820fa494ddd4f3c0293a556379cdbe9c453e

    SHA256

    2bb0f72d3c7c0fe7f41c177e9b537364a2f9541747e87468c23571596956c8fc

    SHA512

    5669ee08f69b9e16803e59862795bf5010a0ff4f38777d456501d6563325fc587a42785adfd2e38b34613d84b4cd37dd4da68865362706dce4c11ec15fd28921

    Download Submit