Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
  • submitted
    25/08/2024, 01:40

General

  • Target

    8f4d2f0e0c86fcf9ab1bcf4fc1f6f4934837b2d2950acad50f2e6da1053399c4.exe

  • Size

    2.7MB

  • MD5

    a90cffa702e913306df4c4a0acdfd404

  • SHA1

    688da8c94990b47fff9fd83253b972b8dee2cbdb

  • SHA256

    8f4d2f0e0c86fcf9ab1bcf4fc1f6f4934837b2d2950acad50f2e6da1053399c4

  • SHA512

    43f0a3b77e613f9a43540867572ec8f298c8f7af7c353467b2a51f5b3804869e5eff5db160a6ebe4e5a02e3dab31ae89c66494fe037dc57bd8e8f289a61c72dc

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpD4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f4d2f0e0c86fcf9ab1bcf4fc1f6f4934837b2d2950acad50f2e6da1053399c4.exe
    "C:\Users\Admin\AppData\Local\Temp\8f4d2f0e0c86fcf9ab1bcf4fc1f6f4934837b2d2950acad50f2e6da1053399c4.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\SysDrvK7\adobsys.exe
      C:\SysDrvK7\adobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintVB\bodxloc.exe

    Filesize

    87KB

    MD5

    f4619b120396f8c5a1281d7d1fbe8d47

    SHA1

    f8aec92321250ae4eb954a135a17d01b4bb798db

    SHA256

    c2a4bc3d09bb3d1648067082da7dc408f133b3e96917a311b9112bd1e99e8125

    SHA512

    f8d30353f8b6946811fbcc9780f05e922dbd48fcfe5439dfcba41f3af94c19fabad9782c6f4f86d2a6af0a1501a2d3f7348aa0753f48b77c92d059aa1a3b83d1

  • C:\MintVB\bodxloc.exe

    Filesize

    2.7MB

    MD5

    36a833314c8a45a0ddcf268d38b6d902

    SHA1

    d46d8b25f096d1a63e1aedbf3cd6d49060355d8d

    SHA256

    29199c422954b538780acd8d327d4ee733f6c38ee0bdfa16775350e5a9014606

    SHA512

    44bb650af30c27bb1f65349af1d9b73c448f9f886a4f8e2c0cb1236d1ad86ba02b5bd89b9b07126c67082f067bb20209a0e55c37cb9fe8b8a4df6badb080bd58

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    202B

    MD5

    653a090c31f3da8d8daa0d134cb6e6ae

    SHA1

    725f76b29c954a8c42d460de99034913c17a3aed

    SHA256

    6e341ee1ed9dc4a23caa52f9edc4b35c40014e3002ff0e472ba41d8ba1e26140

    SHA512

    07956ee56c9b1ab13f40ca74fcf64a8798b8c40f91812c1c00ea7f423017fe2cf0f953e86ac38c79b86918461345f1930d7d126fd8f5d16ff06ef3610be969eb

  • \SysDrvK7\adobsys.exe

    Filesize

    2.7MB

    MD5

    adbfb8a502644c1297328449a84fdebc

    SHA1

    239d8532e5714e7cdafcd7bdc613e0c426d97d14

    SHA256

    5d61ffedc852054f1294fd3937d0b5c51918cddffedaf4074f55186bb71bf5f7

    SHA512

    922af29ceef8c144f4c3b882418a80f479ed1d37e6289548d1e89f1d0a4d039503684d4fdcb521609aa5ac8a1044efe6a4de34e08682bf6e177b764bee9a8cf6
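The Downloads section above is the IOC table a responder will actually reuse: five distinct binaries (the submitted sample, two different files written to C:\MintVB\bodxloc.exe, the .ini, and the second-stage C:\SysDrvK7\adobsys.exe that the process tree shows being executed). The script below is an added example, not tria.ge code and not part of the report: it transcribes those digests, hashes files in a streaming pass, and walks a directory reporting any file whose digest matches. It matches on digest rather than path because the same path appears twice with different content, and it lets SHA-256 decide whenever it is available, falling back to MD5/SHA-1 only for feeds that carry nothing stronger. The `demo_scan` function builds a temporary directory with constructed stand-in files (not the real dropped binaries) so the example runs offline; the file names and the "stand-in" IOC entry it adds are assumptions for the demonstration.

```python
"""IOC matcher for the dropped files in this report (added example, not tria.ge code).

Usage: python ioc_match.py <directory>   # walks the tree, prints matches
       python ioc_match.py               # runs the self-contained demo
"""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# Digests transcribed from the General and Downloads sections of the report.
# C:\MintVB\bodxloc.exe is listed twice with different content (87KB, then 2.7MB),
# so a match is decided on digest alone; the path is carried only as a label.
REPORT_IOCS = [
    {"label": "submitted sample (2.7MB)",
     "md5": "a90cffa702e913306df4c4a0acdfd404",
     "sha1": "688da8c94990b47fff9fd83253b972b8dee2cbdb",
     "sha256": "8f4d2f0e0c86fcf9ab1bcf4fc1f6f4934837b2d2950acad50f2e6da1053399c4"},
    {"label": r"C:\MintVB\bodxloc.exe (87KB)",
     "md5": "f4619b120396f8c5a1281d7d1fbe8d47",
     "sha1": "f8aec92321250ae4eb954a135a17d01b4bb798db",
     "sha256": "c2a4bc3d09bb3d1648067082da7dc408f133b3e96917a311b9112bd1e99e8125"},
    {"label": r"C:\MintVB\bodxloc.exe (2.7MB)",
     "md5": "36a833314c8a45a0ddcf268d38b6d902",
     "sha1": "d46d8b25f096d1a63e1aedbf3cd6d49060355d8d",
     "sha256": "29199c422954b538780acd8d327d4ee733f6c38ee0bdfa16775350e5a9014606"},
    {"label": r"C:\Users\Admin\253086396416_6.1_Admin.ini (202B)",
     "md5": "653a090c31f3da8d8daa0d134cb6e6ae",
     "sha1": "725f76b29c954a8c42d460de99034913c17a3aed",
     "sha256": "6e341ee1ed9dc4a23caa52f9edc4b35c40014e3002ff0e472ba41d8ba1e26140"},
    {"label": r"C:\SysDrvK7\adobsys.exe (2.7MB)",
     "md5": "adbfb8a502644c1297328449a84fdebc",
     "sha1": "239d8532e5714e7cdafcd7bdc613e0c426d97d14",
     "sha256": "5d61ffedc852054f1294fd3937d0b5c51918cddffedaf4074f55186bb71bf5f7"},
]

ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the IOC table carries."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Digest a file in one streaming pass (a 2.7MB dropper is fine, a 2GB one is not read whole)."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_iocs(digests: dict, iocs=REPORT_IOCS) -> list:
    """Return every IOC entry that agrees with the given digests.

    SHA-256 decides whenever both sides have it; MD5/SHA-1 are consulted only
    when SHA-256 is absent, so a deny decision rests on a collision-resistant digest.
    """
    hits = []
    for entry in iocs:
        if "sha256" in digests and "sha256" in entry:
            if digests["sha256"].lower() == entry["sha256"].lower():
                hits.append(entry)
            continue
        if any(digests[a].lower() == entry[a].lower()
               for a in ("md5", "sha1") if a in digests and a in entry):
            hits.append(entry)
    return hits


def scan_directory(root, iocs=REPORT_IOCS) -> dict:
    """Walk a tree and return {path: [matching IOC labels]} for every file that hits."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                hits = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the scan
            if hits:
                found[str(path)] = [h["label"] for h in hits]
    return found


def demo_scan() -> dict:
    """Offline demonstration on constructed files (none are the real dropped binaries).

    A stand-in 'adobsys.exe' is written and an extra IOC entry is derived from its own
    bytes, giving the scan one true positive; 'readme.txt' must match nothing.
    """
    stand_in = b"constructed stand-in for the dropped EXE, not real malware\n"
    iocs = REPORT_IOCS + [dict(label="constructed adobsys.exe stand-in", **hash_bytes(stand_in))]
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "adobsys.exe").write_bytes(stand_in)
        (Path(tmp) / "readme.txt").write_text("benign text file\n")
        found = scan_directory(tmp, iocs)
        return {Path(p).name: labels for p, labels in found.items()}


if __name__ == "__main__":
    results = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()
    for path, labels in results.items():
        print(f"{path}: {', '.join(labels)}")
```

Two caveats when using this against a live host: a hash match only catches byte-identical copies, so the persistence artifacts the report flags (the Run key entry and the C:\SysDrvK7\ and C:\MintVB\ directories) are worth checking by name as well, and on FIPS-restricted Python builds `hashlib.new("md5")` can refuse to run, in which case drop MD5 from `ALGOS` and rely on SHA-256.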