Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/08/2024, 10:12

General

  • Target

    fb16466c829988c744d94f036bc5aa30N.exe

  • Size

    2.7MB

  • MD5

    fb16466c829988c744d94f036bc5aa30

  • SHA1

    2962adf6b5c5fb08918b542b2ec62ffc146f26a3

  • SHA256

    225a4d751d1e07faadb1d17e09d01f03c8c9c921efdd8c43ba653fffdf971830

  • SHA512

    5642413029d549dd7d188dea73fbc795820291a06e498cd4188f023229804e4588531f3f63120a4d172bac148f6f89cc6d1966fbe4a8d84293e1e0941a69ae0e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBu9w4Sx:+R0pI/IQlUoMPdmpSpM4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb16466c829988c744d94f036bc5aa30N.exe
    "C:\Users\Admin\AppData\Local\Temp\fb16466c829988c744d94f036bc5aa30N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\FilesIE\devdobsys.exe
      C:\FilesIE\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesIE\devdobsys.exe

    Filesize

    2.7MB

    MD5

    73b913ede69ade3d31ffc3654990da55

    SHA1

    24060a60fb6518b12ac63d075f171d62f41ac0aa

    SHA256

    faeaeb146801260397547146063422b30e31b0021a2ab17bb660328a22c53484

    SHA512

    99935688c52e23d0992b7ff7f886e18f3bdddc3ed7c7dff5130eaae01780a0eed8cdcbfc5c81d32d3da084e95b801b937a4aae6d18f445d837438776730edef8

  • C:\KaVB4X\dobxsys.exe

    Filesize

    2.7MB

    MD5

    3b0889fe1841b2a3e5f88df21b60e69b

    SHA1

    c06615c019080785d9dd30e78af13a5044a43b8d

    SHA256

    5754ee9e62eeb5e68fd7c3db8d557fff4cd2740ea5c9ab7c2c20f06ebe1a5e2b

    SHA512

    f765daf07dcf75cc8d2aff854c6160a9e0dbddb29385de243a6b2868149faf48d14b9415e6d95179b978211b34b7a757878064cd6836e3e25153355887cc2e92

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    a70392f42878c7647d9417e3ba3b0959

    SHA1

    5b593c1c05cceb1356fc3ee7e1a9d97172087180

    SHA256

    cdeecd2e305a704808bc6fef4c1845b14dceb3e702be1200b5125d87511e1ef2

    SHA512

    c99d16cafa3151a272d7905b53372dc65e4cf40a14ca2ed847f251859b36d7ead036750e2f17f18ce16dd93ed577785631455512c421794e440b1ef2e8f3c901
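The dropped-file table above is the part of this report most directly reusable for hunting. The following script is an added example (not tria.ge tooling and not part of the original report): it carries the three dropped paths and their SHA256 values, plus the submitted sample's SHA256, exactly as listed above, and matches a set of files against them by hash, by full path, and by bare filename. It takes an in-memory path-to-bytes mapping so it runs offline; on a real host you would feed it the output of a directory walk. The helper names (`digests`, `match_iocs`) and the sample bytes in the comments are assumptions of this example. Note that the `.ini` name contains "Admin" and "10.0", which look like the sandbox user name and OS version, so that exact filename is unlikely to recur on other hosts; the matcher therefore also reports bare-filename hits separately from full-path hits.

```python
"""IoC matcher derived from the tria.ge report above (added example, not tria.ge code).

Constants below are copied verbatim from the report. Everything else (function
names, the in-memory file mapping, the constructed test bytes) is an assumption
of this example.
"""
import hashlib
import ntpath
from typing import Dict, List, Optional

# Dropped files and their SHA256 values, from the Downloads section of the report.
REPORT_FILE_IOCS: Dict[str, str] = {
    r"C:\FilesIE\devdobsys.exe":
        "faeaeb146801260397547146063422b30e31b0021a2ab17bb660328a22c53484",
    r"C:\KaVB4X\dobxsys.exe":
        "5754ee9e62eeb5e68fd7c3db8d557fff4cd2740ea5c9ab7c2c20f06ebe1a5e2b",
    # "Admin" and "10.0" in this name look sandbox-specific; rely on the hash, not the name.
    r"C:\Users\Admin\253086396416_10.0_Admin.ini":
        "cdeecd2e305a704808bc6fef4c1845b14dceb3e702be1200b5125d87511e1ef2",
}

# SHA256 of the submitted sample itself, from the General section of the report.
SAMPLE_SHA256 = "225a4d751d1e07faadb1d17e09d01f03c8c9c921efdd8c43ba653fffdf971830"


def digests(data: bytes) -> Dict[str, str]:
    """Return the same four digests the report lists, so a local file can be
    compared field-by-field against the Downloads table."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(files: Dict[str, bytes],
               iocs: Optional[Dict[str, str]] = None) -> List[dict]:
    """Match an in-memory {path: content} mapping against the report's IoCs.

    A file is reported if its SHA256 equals a known-bad hash (strongest signal),
    if its full Windows path equals a dropped-file path, or, weaker, if only the
    bare filename matches (the dropper may choose a different directory).
    `iocs` defaults to the report's table; pass your own mapping to extend it.
    """
    iocs = REPORT_FILE_IOCS if iocs is None else iocs
    known_hashes = set(iocs.values()) | {SAMPLE_SHA256}
    known_paths = {p.lower() for p in iocs}
    known_names = {ntpath.basename(p).lower() for p in iocs}

    hits: List[dict] = []
    for path, data in files.items():
        reasons: List[str] = []
        sha256 = hashlib.sha256(data).hexdigest()
        if sha256 in known_hashes:
            reasons.append("sha256 matches report")
        lowered = path.lower()
        if lowered in known_paths:
            reasons.append("path matches dropped file")
        elif ntpath.basename(lowered) in known_names:
            reasons.append("filename matches dropped file (different directory)")
        if reasons:
            hits.append({"path": path, "sha256": sha256, "reasons": reasons})
    return hits


if __name__ == "__main__":
    # Constructed input: a benign file, a file at a dropped path with unrelated
    # content (path hit only), and a same-named file elsewhere (filename hit only).
    sample_fs = {
        r"C:\Windows\System32\notepad.exe": b"constructed benign bytes",
        r"C:\FilesIE\devdobsys.exe": b"constructed placeholder, not the real dropper",
        r"D:\stage\dobxsys.exe": b"constructed placeholder, not the real dropper",
    }
    for hit in match_iocs(sample_fs):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
```

A path-only hit means something lives where the dropper wrote its payload but the bytes differ; treat it as a lead, since the report's hashes identify this one sample and any repacked variant will not hash-match. The SSDEEP values in the report are the right tool for that near-duplicate case and are deliberately not reimplemented here.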