Analysis

  • max time kernel
    119s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/08/2024, 15:31

General

  • Target

    6c3031687cafae6998100b6eb3967aa0N.exe

  • Size

    3.1MB

  • MD5

    6c3031687cafae6998100b6eb3967aa0

  • SHA1

    556aa91bb801c32bfdc726daca9e4d12bafa7b0f

  • SHA256

    1ead031315e6adebdae83f3ed3651ce6231b40ccdea6a99258a7e513cb0aeedc

  • SHA512

    62a0c0777556e7e8d5075710de4b7f29bf7adf090ae755289394d2c652896fa5c2b3d4128bf3f922a3628fa5db509be01ca18f36c9f42df1501314aad47c4d1d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Su+LNfej:+R0pI/IQlUoMPdmpSpq4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c3031687cafae6998100b6eb3967aa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c3031687cafae6998100b6eb3967aa0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4360
    • C:\IntelprocHZ\devdobloc.exe
      C:\IntelprocHZ\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:508

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocHZ\devdobloc.exe

    Filesize

    3.1MB

    MD5

    a9b23c5e91937b45db1fd8df2565c137

    SHA1

    f2b1a8ea65521ccaf034f9f9a75cdf36f79e9846

    SHA256

    1fbc119ff68574605a7934217f95908d282aaa42198e216d893a25b2a792a6e0

    SHA512

    f0967dbba268c006bff3e50dbc9b1596e94ab040178eff37b0b2a6ed621760dda076b85abd6161745e6777db9e97669550d90e4437f249e7445f7f84dec69081

  • C:\KaVB5W\dobxec.exe

    Filesize

    3.1MB

    MD5

    9e577329fac6b5e152f9be8a07aca600

    SHA1

    cdcd4104395a73cf8c233e2324b3fab00cb0d631

    SHA256

    69cc071384e7a647fc07a2c011ec62e255af57b1f8c547d61d14509a1923fe44

    SHA512

    f01fea1392505a50490934ec639f1709e0783ecda02371a68d6cb300506c28346302663b8fdeb81b3e0635b80484b4b88c1f4cc8ba3dc9ea3184b3bf59097c1f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    207B

    MD5

    9f33661b63bebd9096dfc86ec1b80534

    SHA1

    75befb6039e6ccd45c34b3406ad7234947bae016

    SHA256

    1a7c6084e49405d0e5112fc5d635a1aaa87f92c9e40626ae36823740b0216e73

    SHA512

    bd5c4979eee50c75bbab52678ef9b5b99321e93dd0fdcb96aaf9292e78277a7bc70ea514c0d4ed1d71284e66a807d973612969cdbb4d740ca847a39b534105cd