Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

103fb90843...5d.exe

windows7-x64

7

103fb90843...5d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    103fb908433e953769b58e0f59b6353d5a5cd34542b89d273a1fc386c430415d.exe

  • Size

    2.7MB

  • MD5

    95ee134eb5f84b928cfce514db43bd51

  • SHA1

    e20d3e2010dd7f234f10f6c3c0f0332d0feb82c0

  • SHA256

    103fb908433e953769b58e0f59b6353d5a5cd34542b89d273a1fc386c430415d

  • SHA512

    1ecc339cf70779a7a5f66dc9898eb7e7ccdcbd558b9cc32ad90259034f748e5016f359b2e65df7b20185e81631868d4789f3f6d54ade341510e57d5877677453

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4S+:+R0pI/IQlUoMPdmpSpw4X

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\103fb908433e953769b58e0f59b6353d5a5cd34542b89d273a1fc386c430415d.exe
    "C:\Users\Admin\AppData\Local\Temp\103fb908433e953769b58e0f59b6353d5a5cd34542b89d273a1fc386c430415d.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\UserDotGX\xdobloc.exe
      C:\UserDotGX\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    d562bca31fc0791628df27f556c7a0f9

    SHA1

    faa60bddbcb4fb2199130121987ba636806c7a52

    SHA256

    a1b35b920c040129c29213949cda958d8d8a3d11d6fe2a88a65ad540c405bda3

    SHA512

    5d4ce5dd108ad93b67bd56594be6bd000775ec205d6d32e12fd95f4d12458dc9ba0a490b7c0bbfc58f3e0cb0732842628fb5feda80358f37be8167b8691f271c

    Download Submit

  • C:\VidYY\bodxsys.exe
    Filesize

    2.7MB

    MD5

    330cd0840da9956b933e467dbe8750de

    SHA1

    10a70b903e7d131178f05e071b00cc012d17ae2a

    SHA256

    382e14bedda98a3060ca303ee7fab2aeb4f7409a208751b88e66f1791dbe6334

    SHA512

    f39d2cda32348aa400fc07845f09f87bae8906f31a56714af8c3bda7e069b952d951e2280b9d5e2d3f342ebb4c5ec2bb43c4cf42fd77ce56c2c2fc6d1a5f87da

    Download Submit

  • \UserDotGX\xdobloc.exe
    Filesize

    2.7MB

    MD5

    02487f1449de1e6f66be944bbd3d3179

    SHA1

    7d66253fb33e27de840cf90f7ebe8f77d05efa16

    SHA256

    f5e4223e8d274f6caf808f026e83dc52a26d086b671e09e81b8b251fbc065a61

    SHA512

    27870cc7a856202dac535251ee663568b60e5843ed84fadfbfd5233c7422126ef386ffcaf26656d02481977db5127bfd775f91c4dccbacca734ee79a5b6f83ca

    Download Submit