Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/08/2024, 23:35

General

  • Target

    78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0.exe

  • Size

    2.7MB

  • MD5

    85c33228c97919f5411b8f206f7af4ea

  • SHA1

    18680972c81b7b3b45e4ab41193cf2d4acb5c1dc

  • SHA256

    78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0

  • SHA512

    b6375539a8740c3a7f17e755ab1d6e63c5dfe1e59e438a598837afc24d8ac98a03014e9593d0a2a5479d95f2d2b558e308d820312f23861cac66e510bb7148c4

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpw4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0.exe
    "C:\Users\Admin\AppData\Local\Temp\78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\UserDotI6\abodsys.exe
      C:\UserDotI6\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBXQ\boddevloc.exe

    Filesize

    30KB

    MD5

    651424aef84917cc45276fe2e92f3bc9

    SHA1

    e8755003edea758a0f4c37a68ea4962eebaf6cef

    SHA256

    8df90826791b40238b6bc777d1bc8fbf6a7d49563e06fe0dd88600a7a4670d4d

    SHA512

    0a6a871b92b1dd9c0d5b1c5d763f3cd7d99b79dbbb4b18f15f3847bf5d55023dd6cb5426116b1b682834eb2beb472f4183d42d0a2b1abfaad31ffa5ff950b14c

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    975e45422443ee39b61c7639796bb0c0

    SHA1

    6c6fbeaaa5cbc2fce2d3511fe5f5a90b93865f2b

    SHA256

    ce70520ef3a325ce7d624acea02b7826d0a64383f2879c2667703a447af722b4

    SHA512

    51ab61d549af800ff62af537aff95c76a63a85d629629310922338ed68563958b006da538cd745ee4bfb2a901e0045623f1fb9114151de70b56ab1948097d63a

  • \UserDotI6\abodsys.exe

    Filesize

    2.7MB

    MD5

    acb4edec67fbba443db070b7a5501361

    SHA1

    32baa2b14c91d761d0d1421829795e7797b7cc9d

    SHA256

    0337ca7b11c89e782849dcf6950fa3fa0d1d93e26ada1ac939b1ec8ea429697b

    SHA512

    73f57c78cd72d4d1b225071383d00177844fd9e734c3fdddc112c349218b676d884b51c4fd6496b73308a4027beaeab78555d4b44ab6728150d80a63556c75f1