Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

202f168f1e...8N.exe

windows7-x64

7

202f168f1e...8N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8N.exe

  • Size

    3.1MB

  • MD5

    39d743a6e9080e0f26f4fbf9ee06b460

  • SHA1

    247b3fc2b04316c59c33283a3ea125cccb057035

  • SHA256

    202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8

  • SHA512

    1a5bc31d38c1ceaaaae463d6ed180008f1e24f7c25104ce5dc94083ee367b37039544167a99b885b686c34494218e002e555106115e2b0f791d1f423f52c5811

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Su+LNfej:+R0pI/IQlUoMPdmpSpe4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8N.exe
    "C:\Users\Admin\AppData\Local\Temp\202f168f1ed04a95380f5f3985d0b28df9c41369e010b859c52011fee4295ba8N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Adobe55\xbodsys.exe
      C:\Adobe55\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint8W\bodxec.exe
    Filesize

    3.1MB

    MD5

    3e1382e0a35dcf3422a9945c4873473f

    SHA1

    4fdbb4fa58ab7b0b50974ded92a0668ea9f305f9

    SHA256

    5653d4e62557e3b929b1d9f14192ce0364f9ff6d25003cacadc027787ae41c49

    SHA512

    1f355c7376fe9caa2b7816f16bb6b61e8d952c298ebe345cd41b88ba9b5b612101a628deb1046a0b0338e2d867cff668a86dfc88c7f5bcc9cf7b954b6b91489c

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    87e95eed048efe1029fa77b79fd9ad9e

    SHA1

    67245da5074fc036ac8132fc782aa9890cf09669

    SHA256

    92726590f12024683639f0918e246a8fbb304343dc5f6dcb4f3c0e0277ed682e

    SHA512

    f72019cc8fe9de3d697f00c5acdbf19cc65f5c656c51a2d36b046c689233b76aba485a1e1bfca6a2fdf1776ccefd9845f628a790e9c4cec65d66207d467863a6

    Download Submit

  • \Adobe55\xbodsys.exe
    Filesize

    3.1MB

    MD5

    41a57e61e84ea01ed5fb0d351d645987

    SHA1

    bc0019c31502da3f8ceb40b1deaa3f16770509bf

    SHA256

    be6aa6fb10c863593d4f5748706bd733478c209ceb87613a4f7abbb48237c3d9

    SHA512

    05a9662c55bb56d3eb71c4b5bceae1f56070ed33b1db1cf5a54896976682552ce7dc3983f34a1c7eee16d079373f53367fc943f69b789828868da7d072358d52

    Download Submit