Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

bc555887ba...94.exe

windows7-x64

8

bc555887ba...94.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94.exe

  • Size

    86KB

  • MD5

    312ec29cefab4b8d0f118e7ad6943fd2

  • SHA1

    83fcba61b17e101f51e0b6c9f9301308a3a29e5b

  • SHA256

    bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94

  • SHA512

    2f610f1e073657ff9b25ca8c73036a2fbf2630778638949e2f85b21408ec3168f3318ff9fbb094d187ea71c4855251e014dc95898cf0619d1af08a823def64cb

  • SSDEEP

    1536:8KVMKBC9cS4NZoGvefpKcbN0DNM1vtNcTR5G0Vpxr8D43Q:jVMKIR0ZbvwvxGM1rcV5hVK2

Score
8/10
adwarestealerupx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94.exe
    "C:\Users\Admin\AppData\Local\Temp\bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Windows\system32\bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94.dll",dll_inject
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4132

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94.dll
    Filesize

    69KB

    MD5

    722e2973ae6c0401c95294e6a44e2fcf

    SHA1

    6184af79414a489624187ca887c4e0bb552ffd30

    SHA256

    464684f65b7e7b601f395f7cfa1faaf5aa5636a32bd7571b5e861d358a5d0fce

    SHA512

    238578daa6c9eb7a20b9355408f1f9347ffce104ad1fb53de8419d74ff249e4800a678ce74dbfd0895519efc51990b353ed45f54f09e729dacc3e4fcbd2110a7

    Download Submit

  • C:\Windows\SysWOW64\bc555887bac3e40e5ad3ac9dafe0bcde2b8ed296b026d214543701aecedd4a94.dll
    Filesize

    69KB

    MD5

    722e2973ae6c0401c95294e6a44e2fcf

    SHA1

    6184af79414a489624187ca887c4e0bb552ffd30

    SHA256

    464684f65b7e7b601f395f7cfa1faaf5aa5636a32bd7571b5e861d358a5d0fce

    SHA512

    238578daa6c9eb7a20b9355408f1f9347ffce104ad1fb53de8419d74ff249e4800a678ce74dbfd0895519efc51990b353ed45f54f09e729dacc3e4fcbd2110a7

    Download Submit

  • memory/1260-132-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1260-134-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4132-137-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download