Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6e37c6c2c3...e5.exe

windows7-x64

7

6e37c6c2c3...e5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/08/2024, 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e37c6c2c33286a420dc4fe2de3e7d5460f697ed7c15222ab398ff7d88a50be5.exe

  • Size

    2.7MB

  • MD5

    6e8372e4098b599de1ac0fc3f0610d74

  • SHA1

    6e4cab862e5e10f269118b88f20a8f699f853e80

  • SHA256

    6e37c6c2c33286a420dc4fe2de3e7d5460f697ed7c15222ab398ff7d88a50be5

  • SHA512

    0daf6f512eff68610a5f9808051b43fd781c2d0bfdb86c19d3f68c031653745492f33a5606a8efa48f79c579b1f06e2176ae7cd18efb5dfc451654a578f29a49

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSpH4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e37c6c2c33286a420dc4fe2de3e7d5460f697ed7c15222ab398ff7d88a50be5.exe
    "C:\Users\Admin\AppData\Local\Temp\6e37c6c2c33286a420dc4fe2de3e7d5460f697ed7c15222ab398ff7d88a50be5.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3804
    • C:\FilesJL\devbodec.exe
      C:\FilesJL\devbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesJL\devbodec.exe
    Filesize

    2.7MB

    MD5

    333c844bb6043596ea09f43b3597a312

    SHA1

    d02ced70c20a750cb3b09a0d5de564621fc2ead2

    SHA256

    25b9129e0ade1b33210a14d6e87e0c566ec16f4d4973266e57778ecaa82b8d04

    SHA512

    808076544e71c423fd5b894e61dcb31ba7d1e5bc20888622a5131d8772d6907a60eb92f02dd5422fb835161dda247fb5fcdb0e45351dd053aeec97f830d0c79c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    201B

    MD5

    48a083bafc45e59cfce6f6db1aa2767c

    SHA1

    40a2cdf204a265076e0373bef7072dac3516bfac

    SHA256

    6f243196df9357a63bd43f8719c56c59654468ac10114b525be94356363c7f03

    SHA512

    89ce1acbc1b77e5970007e2391543d187926f2b4a9c9c111d8c6de546f438b9dd45318f8def5837f79f768127af5b8294bc49f081bdb018377d3a5488010fa07

    Download Submit

  • C:\Vid76\dobaec.exe
    Filesize

    2.7MB

    MD5

    85c612e24fd89c39b701d4a1b9fbffcd

    SHA1

    c0a8a7395e8ac715e652cb79447334334a81eb1b

    SHA256

    e2488cea0524cfbd9daef80bc17517625294a59467793f42d0d69494321afcfb

    SHA512

    9b4ca428f79296aa2c053355f01d118f378055f62279976ad2dd09feeb867f044826aa3ad322e73afd0cbdf85f0de9ada08e843b239e275fa195ba2ead8200e5

    Download Submit