Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

74529e9b70...0N.exe

windows7-x64

7

74529e9b70...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74529e9b7074aafd196fa174365bf770N.exe

  • Size

    2.7MB

  • MD5

    74529e9b7074aafd196fa174365bf770

  • SHA1

    fb9d16ed78d63a581bfc500a5b5b19238224822a

  • SHA256

    7f7fbbc262373a2d888f01275037e15da07d35561846c55250abd5e3dce4dd6b

  • SHA512

    aff2d7ffa7df28b6aa0c0c0f3e4ef700c37dabab0886b70cedbe0198397f9e1465abd6b4543d737eb7658847f4c1d71c54bf56e09357850cfaf5b5173dccc272

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBZ9w4Sx:+R0pI/IQlUoMPdmpSph4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74529e9b7074aafd196fa174365bf770N.exe
    "C:\Users\Admin\AppData\Local\Temp\74529e9b7074aafd196fa174365bf770N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Files1G\xdobec.exe
      C:\Files1G\xdobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxOW\dobxloc.exe
    Filesize

    16KB

    MD5

    0024b9de4074abf70baddaf53e71d755

    SHA1

    9625186ef7afe8a1d37a741132a8fa2d5c1d93ee

    SHA256

    6ac037504a3448af4107d6a363a740417a266be137fa998b32fcc1a860777c00

    SHA512

    2418afefb4088aeeed58cbc6226d42d3516e54b426d718740794459430639a27ae722a5fe3ce6f15a583dbc559352a825d6b2fef8063d679cc9f9a8a9d4f1794

    Download Submit

  • C:\GalaxOW\dobxloc.exe
    Filesize

    2.7MB

    MD5

    63c3d73a0faab0d897889eca51e5bbc5

    SHA1

    9e79671382f52a7800068f6ead1a1258fe6bd2bd

    SHA256

    99dedc9cb17baf209b6452cc11f514ae8a644b1a8757bd33c044093736dda95f

    SHA512

    e2a267995d7e31b0999b35330edc97990e95882aaba710d897d5c4ff52735b20c30881bb37318a3b9d12b17c8644201b25f52856a5b4410c1a9baee76c934426

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    bd221ddc1e29680c3330a2c6fcc05717

    SHA1

    8c7493282c751ffb478248bf6d646e7071167aa9

    SHA256

    db6e7f60ea4dd9991722136548f4073cf5e213931fd077b66feb049606f50250

    SHA512

    bd429fed632128292e88f8cc886a6eaa0301dc322b21b1611c7bcdc2fc7b2f72c4777d7ea63cb13aae6210dca8cc3703986db1081f10272f0a4149993aa431a3

    Download Submit

  • \Files1G\xdobec.exe
    Filesize

    2.7MB

    MD5

    945758962edb0b6ebf059b8a2aa464a0

    SHA1

    31dfc8b0ba3b2f673ec00f1987e41f6ab1b30e24

    SHA256

    165ef4ab1c57a083c2ae045dcefd7201778f807b1a8cc5346280e3e6e7273abc

    SHA512

    9238a64a57a6fae714e30dbb64f9052f35d924411f81166113c39760c92dc40d129aab171dc2b3a310604dbe76c2ce93cdfd0825869a6b1871fb2c45b8bfe98c

    Download Submit