Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

bddec105d5...31.exe

windows7-x64

7

bddec105d5...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    167s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bddec105d517103493b879d8ae14a837b19caf960de91a6ade60e56ca0962c31.exe

  • Size

    606KB

  • MD5

    a3585cd1b86d8a3b3b6291fffcb92b32

  • SHA1

    c1a8ea558252a084e4780e6d81c66ff1eab0bbf2

  • SHA256

    bddec105d517103493b879d8ae14a837b19caf960de91a6ade60e56ca0962c31

  • SHA512

    6bb36b9dcb79e115edc52400c35a3f9a8ac0274432630996572c653631b9c11735e49ad2ec4b819a1e51cbb1d1eeeb029f4bf3961395b8f11d3d68b049d7f4fd

  • SSDEEP

    12288:xO+KVw2jcpK0JLfkL60C75YoEqsxkN4VsGOMZxXExdyagbmt:M4pzWLBI5YgsxkN4V+MZxXa+mt

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bddec105d517103493b879d8ae14a837b19caf960de91a6ade60e56ca0962c31.exe
    "C:\Users\Admin\AppData\Local\Temp\bddec105d517103493b879d8ae14a837b19caf960de91a6ade60e56ca0962c31.exe"
    1⤵
    • Loads dropped DLL
    PID:4080
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x33c 0x38c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bassmod.dll
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll
    Filesize

    579KB

    MD5

    faa9adade265dee564889c7b60390381

    SHA1

    f9ca57d431bc4652dd31211c9ab25e7ed2350b74

    SHA256

    7c9e5ec432bd61a99999c067baa4bf0580652cc4d163600d18c8f518fc24c88a

    SHA512

    3760ff077fdf9fa9a1785261211e96b0b28dacf54d6142d1139345c589765d96818a1b8ab481e271b2735919fff4162c23db7ef3c86c1c4d96dcf029043647c5

    Download Submit

  • memory/4080-133-0x00000000750B0000-0x0000000075159000-memory.dmp

    Filesize

    676KB

    Download

  • memory/4080-135-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4080-136-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4080-137-0x00000000750B0000-0x0000000075159000-memory.dmp

    Filesize

    676KB

    Download