Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 23:33

General

  • Target

    18bf01212bb81efd17086ec065989dc0N.exe

  • Size

    2.7MB

  • MD5

    18bf01212bb81efd17086ec065989dc0

  • SHA1

    aea81576499ea8e7cd4a5898122d9289130d0d92

  • SHA256

    aad290a235503e343dfe00984d07cc2f4065a5800274de755edeb8c18885cf7f

  • SHA512

    c2b59d24609e8aa3475fdccd8e90708adcf81c88f7fc08abc116d20d438c0cc58213a1df367d4721056481d2b81b81788e07877b9667e166b4693c2340cc5003

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpH4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18bf01212bb81efd17086ec065989dc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\18bf01212bb81efd17086ec065989dc0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\UserDotUE\xbodec.exe
      C:\UserDotUE\xbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Mint62\boddevsys.exe

    Filesize

    2.7MB

    MD5

    4fb80e3d7bfc9bfe06d4630bc49786c0

    SHA1

    484cf6ed2fddfb58938292bfe70d6fbf852ce8b7

    SHA256

    ae9cf7c35bf3af7894d60adee06db854b12d9ebb0179a8bcafabe28f8be74ae5

    SHA512

    8a8bbb96e0b4baa44e1536a43f3aa7c446c8c110cc9201cb60e783c4bb8380e05e364056290ecad3794ca9538891b4b51d74a709e866d92d3d39d57bd67b8003

  • C:\UserDotUE\xbodec.exe

    Filesize

    2.7MB

    MD5

    6346e249e9ca79b850115d37f2c939c6

    SHA1

    65b0c530710ceb36eee408695e48aac8595abca8

    SHA256

    451124c33ee4786eaf47ff0eec5c83631b0db854d3219c56958d505d019cd6f2

    SHA512

    fb4bfb424d78b91346e6df29353d1cdafb28e0c1517f7f7951fa95a5779db90a7ab1dff739f772b65ebbdb9c0e52b35813ab566ee47aa644a0882dcf01cd6295

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    0fe341a271be5f478c612e310c963b29

    SHA1

    844199c4624179bfc11cbb266cc028dfe25804e7

    SHA256

    b5d0de5046c54a17a6f2d315164610f1ef7609bb17835949211e5f05321b39f3

    SHA512

    b19d2e11360be4919391659808549428ac4270b11cb97f125f0dd545a959039fe4954a6e32cc6295bc42d2abba4857b432edb2763f21945d6b4ea00934d75313