Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

78e16a8e03...f0.exe

windows7-x64

7

78e16a8e03...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/08/2024, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0.exe

  • Size

    2.7MB

  • MD5

    85c33228c97919f5411b8f206f7af4ea

  • SHA1

    18680972c81b7b3b45e4ab41193cf2d4acb5c1dc

  • SHA256

    78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0

  • SHA512

    b6375539a8740c3a7f17e755ab1d6e63c5dfe1e59e438a598837afc24d8ac98a03014e9593d0a2a5479d95f2d2b558e308d820312f23861cac66e510bb7148c4

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpw4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0.exe
    "C:\Users\Admin\AppData\Local\Temp\78e16a8e03ce19e3ccd6642c5b4c7c04de4a1d4e4f62094e61897c61c7bcd6f0.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Files4L\xbodec.exe
      C:\Files4L\xbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Files4L\xbodec.exe
    Filesize

    2.7MB

    MD5

    7bc5c630ffe97a59c1b349834de14430

    SHA1

    f89b391c5976894e3000a9152e53683e6aba53f1

    SHA256

    a386233e44762293ae58a498b7d1b499a77972c9359e4624bcd39302ffec3288

    SHA512

    29097f839d77a0d041acdcecc964af47c16ac67220d394aff6bcc62878be1acd8fb37ff47460110b70397d2f72e493ac7877a0f32ec7b58d6b68857dd142d99f

    Download Submit

  • C:\KaVB6W\dobasys.exe
    Filesize

    599KB

    MD5

    cb8dab7630d260b6fbd80ff2360889db

    SHA1

    c8d93afa64641ffc4f32d63424388e807d5f7124

    SHA256

    6b6fda4485ec77d41bb1879005cf1be1507e96e92767cab764fb120795a30835

    SHA512

    15389110017d420bfe73f98519f8b5702b0638209b2d915b1d0dc6ef0682dee2c075f2e36e67fa2a50b9585aafe8563e9ccbde1eaef09244c449b5860a1f7ed4

    Download Submit

  • C:\KaVB6W\dobasys.exe
    Filesize

    2.7MB

    MD5

    bb198b33b050eaca5f5b0ec33ef47e4a

    SHA1

    57ed8d6a4377fd86382d438097aa2c4c167eae65

    SHA256

    889f04925291118165aa9a1505dfdf84469aee9d1087558937df2c888a18b9af

    SHA512

    66cb1d8996b13f768e55c8f72dd76d5410adef4a3db8fe033b99787787d6d891e558ce6f5929a529b28e903869e2894186dd84353c0b7b773df69dbeaf4bbfcd

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    200B

    MD5

    8f8aa8e06f5e22650b2c5d53957c5d89

    SHA1

    6e2992187d69fd6c43d1345f5e09b4fbb23ad85e

    SHA256

    27774d69114dada053bfa2922f3e68c3e76a73a2b36dfafae4cb5234a083f907

    SHA512

    fbae64d8fa40193a97764e0cbbae2f90704804f1fd09d78b27277d0ab4fa54c6afed9b64bc636622a325d7a5be184c9e45e9319e412d4c745a05de1005898a69

    Download Submit