Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 14:56

General

  • Target

    0f1ee7306cefdef1bf7039123282fee0N.exe

  • Size

    2.7MB

  • MD5

    0f1ee7306cefdef1bf7039123282fee0

  • SHA1

    f81548bc83f906787d7d221be268cb57bc4bc56a

  • SHA256

    8a26bb0dfaa21c513afc393416a8cca8a58251fac5ba5479e28ac92cec8f929f

  • SHA512

    ad9c0963e79e740dc0a87a5c8302a420814abc5a9889ff04c30cc7ce7a48b5b99db8c8ec6d956debb6dca127c0c9e5093ad1c4cde61ab8ecff3b8b617659e8ce

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Sx:+R0pI/IQlUoMPdmpSp44

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f1ee7306cefdef1bf7039123282fee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0f1ee7306cefdef1bf7039123282fee0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\SysDrvUE\abodsys.exe
      C:\SysDrvUE\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2752

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\MintFD\bodasys.exe

    Filesize

    2.7MB

    MD5

    52641ad76e6c23ac0a56e29950ba934f

    SHA1

    be1bd282833ef0c2f36255a90fce2353f3042bc0

    SHA256

    4de2bf07491a05d0f4cf525ddf0cf1988b380adb216e3e33738ab9cdb5b09651

    SHA512

    3f18a448510ff26174049de0a03fac850bd3854ec4f4845537c3638503eedc66004d2cbca2338a2508e1b734ece54d24093d0c9e184dda64385d48f3150d6272

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    238515846abbdd8a87d3bcfc25823671

    SHA1

    f9c7aa35d6d2527a19fed149d46bf25a26d5b94e

    SHA256

    3b983adc5d9c9315d87bcbe11565c63ffcf11571b705aa9acada0d7d554009be

    SHA512

    6f3f06a69560805962f0d956cb5eb2842ea9d6d34e94a69b7fb50613e0bdf396140db3bb09ca3b0a702e359c53a5ec47a7987db8b0940cd387f21b1dff2f2cfb

  • \SysDrvUE\abodsys.exe

    Filesize

    2.7MB

    MD5

    106749122a710e43fbedd6bb0521bbc6

    SHA1

    97ad9e83298e1764706951c7581060e20b0fba40

    SHA256

    4787a2be9ade63a0afa7442fdf2cb9a4c77daf3995a3d51eba16778cfcf0030a

    SHA512

    dc8ab9308df25a7c251f052e77bfc6cba1731a3535d3c94aecf467d8fdef8acff2696612ddfc73603c53dbdd1cd531ea2d660ed947446b38f44f8f188a5af5f3
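The dropped files listed above can be turned directly into a host IOC check. The following Python script is an added example, not part of the tria.ge report or its tooling: it carries the three Downloads entries as data, hashes a candidate file with the same four algorithms the report lists (MD5, SHA1, SHA256, SHA512) in a single read pass, flags executables dropped into a freshly created top-level directory (the C:\SysDrvUE and C:\MintFD pattern seen in this run), and, on Windows only, enumerates HKCU/HKLM Run and RunOnce values whose data references one of those paths. The report records that a Run key was added but not its value name, so the registry check matches on value data rather than a name. The root-directory heuristic, the EXPECTED_ROOT_DIRS list and all function names are assumptions of this example; the abodsys.exe path is taken from the process tree (the Downloads entry omits the drive letter).

```python
"""IOC checker built from the dropped-file hashes in this tria.ge report.

Added example, not tria.ge code. Hash values and paths are copied from the
report; helper names and the root-directory heuristic are assumptions.
"""
import hashlib
import sys
from dataclasses import dataclass
from pathlib import PureWindowsPath

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


@dataclass(frozen=True)
class DroppedFile:
    path: str
    size: str        # size label as printed in the report, not compared
    md5: str
    sha1: str
    sha256: str
    sha512: str


# Copied from the Downloads section of this report.
REPORT_IOCS = (
    DroppedFile(
        r"C:\MintFD\bodasys.exe", "2.7MB",
        "52641ad76e6c23ac0a56e29950ba934f",
        "be1bd282833ef0c2f36255a90fce2353f3042bc0",
        "4de2bf07491a05d0f4cf525ddf0cf1988b380adb216e3e33738ab9cdb5b09651",
        "3f18a448510ff26174049de0a03fac850bd3854ec4f4845537c3638503eedc66004d2cbca2338a2508e1b734ece54d24093d0c9e184dda64385d48f3150d6272",
    ),
    DroppedFile(
        r"C:\Users\Admin\253086396416_6.1_Admin.ini", "203B",
        "238515846abbdd8a87d3bcfc25823671",
        "f9c7aa35d6d2527a19fed149d46bf25a26d5b94e",
        "3b983adc5d9c9315d87bcbe11565c63ffcf11571b705aa9acada0d7d554009be",
        "6f3f06a69560805962f0d956cb5eb2842ea9d6d34e94a69b7fb50613e0bdf396140db3bb09ca3b0a702e359c53a5ec47a7987db8b0940cd387f21b1dff2f2cfb",
    ),
    DroppedFile(
        r"C:\SysDrvUE\abodsys.exe", "2.7MB",  # drive letter taken from the process tree
        "106749122a710e43fbedd6bb0521bbc6",
        "97ad9e83298e1764706951c7581060e20b0fba40",
        "4787a2be9ade63a0afa7442fdf2cb9a4c77daf3995a3d51eba16778cfcf0030a",
        "dc8ab9308df25a7c251f052e77bfc6cba1731a3535d3c94aecf467d8fdef8acff2696612ddfc73603c53dbdd1cd531ea2d660ed947446b38f44f8f188a5af5f3",
    ),
)

# Assumed list of top-level directories that normally hold executables.
EXPECTED_ROOT_DIRS = {"windows", "program files", "program files (x86)", "users", "programdata"}

RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")


def digest_bytes(data: bytes) -> dict:
    """Hash an in-memory blob with the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in one read pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict, iocs=REPORT_IOCS) -> list:
    """Return (ioc, matched_algorithms) for every IOC with at least one agreeing hash."""
    hits = []
    for ioc in iocs:
        matched = tuple(alg for alg in ALGORITHMS
                        if digests.get(alg, "").lower() == getattr(ioc, alg))
        if matched:
            hits.append((ioc, matched))
    return hits


def odd_root_directory(path: str) -> bool:
    """Heuristic: an .exe/.dll directly under a non-standard top-level directory
    (C:\\SysDrvUE, C:\\MintFD in this report). Also accepts drive-less paths."""
    p = PureWindowsPath(path)
    parts = p.parts
    if not p.anchor or len(parts) < 3:
        return False
    return p.suffix.lower() in {".exe", ".dll"} and parts[1].lower() not in EXPECTED_ROOT_DIRS


def run_key_entries() -> list:
    """Enumerate HKCU/HKLM Run and RunOnce values as (key, name, data); empty off Windows."""
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    found = []
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        for subkey in RUN_KEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue
            with key:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    found.append((f"{hive_name}\\{subkey}", name, str(data)))
                    i += 1
    return found


def run_entries_pointing_at(entries: list, iocs=REPORT_IOCS) -> list:
    """Keep Run values whose data references a report path (value name is unknown)."""
    paths = [ioc.path.lower() for ioc in iocs]
    return [e for e in entries if any(pth in e[2].lower() for pth in paths)]


if __name__ == "__main__":
    for target in sys.argv[1:]:
        digests = digest_file(target)
        hits = match_iocs(digests)
        print(target, digests["sha256"], "HIT" if hits else "no hash match",
              [ioc.path for ioc, _ in hits], "odd-root" if odd_root_directory(target) else "")
    for hive_key, name, data in run_entries_pointing_at(run_key_entries()):
        print("persistence:", hive_key, name, data)
```

Run it as `python ioc_check.py <file> [<file> ...]` on a suspect host; the registry sweep runs only on Windows and is a no-op elsewhere, so the hashing part can be used from any analysis box.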