Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
57s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
25/11/2022, 21:19
Static task
static1
Behavioral task
behavioral1
Sample
bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe
Resource
win10v2004-20221111-en
General
-
Target
bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe
-
Size
173KB
-
MD5
af00299bf00dce2fe6dc4e1905fbfde1
-
SHA1
660f4f8fbeccda255fd261ee438941ba830da273
-
SHA256
bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897
-
SHA512
8a649a9e9e8bac3c88f76ce19e9d69bc563f2574063594eaddcabc4269ba8a89f5592a84d0d24a78821aed55d947eb2bb02d345d89e0637deaa9bbe1e5feccb6
-
SSDEEP
3072:wXLyy4bRXNujFqRlWRkNpZHPImtS5Es2K9Tbw9yDxh1OwMIP6LlcHD:kHI6qRlsk7BPXS5Es2ATbwifZNPulcHD
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe File opened for modification \??\PhysicalDrive0 bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe File opened for modification \??\PhysicalDrive0 BC4693~1.EXE -
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" BC4693~1.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key BC4693~1.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ BC4693~1.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1712 wrote to memory of 1056 1712 bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe 29 PID 1712 wrote to memory of 1056 1712 bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe 29 PID 1712 wrote to memory of 1056 1712 bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe 29 PID 1712 wrote to memory of 1056 1712 bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe"C:\Users\Admin\AppData\Local\Temp\bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
PID:1772
-
C:\Users\Admin\AppData\Local\Temp\bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exeC:\Users\Admin\AppData\Local\Temp\bc46936a4ea1c2c8d11553d92bdf4e3c5454cff4b02b7c786ce30a6105452897.exe1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1712 -
C:\Users\Admin\AppData\Local\Temp\BC4693~1.EXEC:\Users\Admin\AppData\Local\Temp\BC4693~1.EXE2⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
PID:1056
-