Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

bad-piggie...in.exe

windows7-x64

8

bad-piggie...in.exe

windows10-1703-x64

8

bad-piggie...in.exe

windows10-2004-x64

8

Resubmissions

14/09/2022, 05:09

220914-fs6n4adahk 8

14/09/2022, 05:09

220914-fs459shcf2 8

11/08/2022, 20:58

220811-zr9h5sefg3 8

02/08/2022, 11:13

220802-nbqkjsebg7 8

Analysis

  • max time kernel
    316s
  • max time network
    1606s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/09/2022, 05:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bad-piggies-1-3-0-en-win.exe

  • Size

    26.9MB

  • MD5

    e7cfb590d467514eae6071e3fe264c4d

  • SHA1

    d5ba530239e3a9fb3af41468db606c6d10503d65

  • SHA256

    d069cc98d81da2a127a958a0f27929c2f4d28df190423231bd4403d0a2d5738e

  • SHA512

    bf9a2f7df2421f5c4530d62fe6f524b75d7d893d3e930005e67433ffafc998fe099379a10eaf93bf6dbc3e548213c5e61ad14820c88c4f5bb5ccbba0bff95849

  • SSDEEP

    393216:IJo5AaSO3UpcWKhef0O12q6EgdzmGcpeT4oRW2Jsyhjo25XBEIDoSfaANuZxXa+7:U9aSOi9Khef0cJGjwT2HrsnXa7MnmXw

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bad-piggies-1-3-0-en-win.exe
    "C:\Users\Admin\AppData\Local\Temp\bad-piggies-1-3-0-en-win.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\msiexec.exe
      /i "C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\Installer.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\bad-piggies-1-3-0-en-win.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
      2⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4832
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding AD904153D73654AB40A73F30040E7004 C
      2⤵
      • Loads dropped DLL
      PID:1080

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSID6BD.tmp
    Filesize

    70KB

    MD5

    c21c03a2f0b88b9b76b1e43c6477be8b

    SHA1

    0bf4c242a4530b6994d5eb6d03212c668f4596c7

    SHA256

    65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

    SHA512

    b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIDE6F.tmp
    Filesize

    70KB

    MD5

    c21c03a2f0b88b9b76b1e43c6477be8b

    SHA1

    0bf4c242a4530b6994d5eb6d03212c668f4596c7

    SHA256

    65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

    SHA512

    b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIDFB8.tmp
    Filesize

    70KB

    MD5

    c21c03a2f0b88b9b76b1e43c6477be8b

    SHA1

    0bf4c242a4530b6994d5eb6d03212c668f4596c7

    SHA256

    65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

    SHA512

    b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\Installer.msi
    Filesize

    963KB

    MD5

    28f5b2639aa751eb175fe3ccf989ecd5

    SHA1

    38f98d6a25660fc3d4c28b48537d38e792e4eaa6

    SHA256

    a3683613d47a5d9e64725c34dd5c8ccf27134a834c8403df8d9ec1f92acdc128

    SHA512

    05e6d0c880412580e9132def3ebc556acd22a8726e60e9ddc197e5bb47d7aac11f9b10ec4b511195391189158b234835ed88eb5b125cf39ffde75304f2abd388

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSID6BD.tmp
    Filesize

    70KB

    MD5

    c21c03a2f0b88b9b76b1e43c6477be8b

    SHA1

    0bf4c242a4530b6994d5eb6d03212c668f4596c7

    SHA256

    65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

    SHA512

    b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIDE6F.tmp
    Filesize

    70KB

    MD5

    c21c03a2f0b88b9b76b1e43c6477be8b

    SHA1

    0bf4c242a4530b6994d5eb6d03212c668f4596c7

    SHA256

    65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

    SHA512

    b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIDFB8.tmp
    Filesize

    70KB

    MD5

    c21c03a2f0b88b9b76b1e43c6477be8b

    SHA1

    0bf4c242a4530b6994d5eb6d03212c668f4596c7

    SHA256

    65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

    SHA512

    b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

    Download Submit

  • \Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\decoder.dll
    Filesize

    120KB

    MD5

    7fe03d84ca384aa478bcdf4ba3558983

    SHA1

    e7bf3412cb9747a4bf92639a9290a70642f0fd6d

    SHA256

    25c027fa14602412c0692c619e5e6b696a5ddaa4577364989a098fb7605feb6f

    SHA512

    6d71103cd23c791fe82dab15ae4786a2ec13a98dfcb3120a4f22a6eaf31d07a58d54c8d501e1ecc52cd4031dfd484eb5cbaa6138476166050ca123f381aa3e35

    Download Submit

  • \Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\decoder.dll
    Filesize

    120KB

    MD5

    7fe03d84ca384aa478bcdf4ba3558983

    SHA1

    e7bf3412cb9747a4bf92639a9290a70642f0fd6d

    SHA256

    25c027fa14602412c0692c619e5e6b696a5ddaa4577364989a098fb7605feb6f

    SHA512

    6d71103cd23c791fe82dab15ae4786a2ec13a98dfcb3120a4f22a6eaf31d07a58d54c8d501e1ecc52cd4031dfd484eb5cbaa6138476166050ca123f381aa3e35

    Download Submit

  • memory/1080-193-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-190-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-188-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-187-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-186-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-185-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-191-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1080-194-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-156-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-167-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-140-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-141-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-142-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-143-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-144-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-145-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-146-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-147-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-148-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-149-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-150-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-151-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-152-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-153-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-154-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-155-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-120-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-158-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-157-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-159-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-160-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-161-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-162-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-163-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-165-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-164-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-166-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-139-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-168-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-169-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-170-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-171-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-138-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-173-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-174-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-137-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-176-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-177-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-121-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-136-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-135-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-134-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-133-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-132-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-131-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-130-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-129-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-128-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-127-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-126-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-125-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-124-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-123-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-122-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download