Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

389e101c47...0N.exe

windows7-x64

7

389e101c47...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 09:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    389e101c4706aed3fe07b7ebf06ede80N.exe

  • Size

    2.7MB

  • MD5

    389e101c4706aed3fe07b7ebf06ede80

  • SHA1

    9f98928db60dcbc9623040e7b1c201838a7cc504

  • SHA256

    b175a0890b0a46ad09305869f77bda9262de713793a714de5a0cddfd015574b7

  • SHA512

    5d40f0b29ec49c97167be167cb16f9ca96a02ca6cac4af5e60d773e8a63b521175ab000e2a80dbae0dfcea09a87fba747b8df72b505600f3363b2561c6b81714

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBa9w4S+:+R0pI/IQlUoMPdmpSps4X

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\389e101c4706aed3fe07b7ebf06ede80N.exe
    "C:\Users\Admin\AppData\Local\Temp\389e101c4706aed3fe07b7ebf06ede80N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\AdobeOL\abodec.exe
      C:\AdobeOL\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\AdobeOL\abodec.exe
    Filesize

    2.7MB

    MD5

    09cf0d502e860f5b4431505cefedca34

    SHA1

    95bceec0319d51f43d651a599303ca7784c9e498

    SHA256

    622bd58d3464bf255aecd7204d89488a62ef8e39509d460afbd93e62b807bb67

    SHA512

    9a30d02836cbde775a6b231b3ac4f5da8bc1374f217d2a0541c51549e06d0de028b9574d410ace86cf90336b42fac03bda52de167aae2d9411edb685830b1e71

    Download Submit

  • C:\GalaxN9\dobaec.exe
    Filesize

    776KB

    MD5

    378068e0d1649559d2b38be303d24242

    SHA1

    f5884037f4727e1b0f4aaafa847a73d2da65ff4f

    SHA256

    2f669d9bad84c969c2e60ae15ffaad1e1e61777ae3d1590cafc3b34fed9c57a1

    SHA512

    a357b44e1b3a4dda6dbd12ac4b4150366207de04aa493ddefbe11855ff9e9462f3664d3d32495e687dc134db2201d12bb5b9ab4324e923ef4d1fd3dc3792c1ed

    Download Submit

  • C:\GalaxN9\dobaec.exe
    Filesize

    2.7MB

    MD5

    adac9c6d6a8d86706bdf70045dab929d

    SHA1

    ca9306a3184bdabacbeea24b2e517954e2366a8e

    SHA256

    2fc85d8ecfd3d0f5adfcd25d136aefe474656da1faf90dcbb4744e6c59a6fb4d

    SHA512

    0cbb87a7fb35b8d8d8e07f5b1258f203a8793d32bdfd54a285efa2522bebc6e9375cf816b2fd773ceac0485a61dd92dabad928bacdc451375ae3b668f07df1b7

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    200B

    MD5

    906e684fd36ebb63dd7ff606c0dd77d8

    SHA1

    8bb39ee7c9021e1f75e868395a8658c00ddc9a73

    SHA256

    f8b7adaa7f7c0ff39e2e4b01b44abbba94b5d9c3825446f2f5d3a22351d4aba7

    SHA512

    382aa7b207a00e7a76f9bc747d54e4281c776ab54ba77c4d91d7626b988d7902cfd37ea19c3ea63eb3f24ff874da40ae375d9db49a8fc2820d63f9eb80feb872

    Download Submit