Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

Blue_BorFX...ne.exe

windows10-1703-x64

4

Analysis

  • max time kernel
    50s
  • max time network
    56s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/01/2023, 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Blue_BorFX_Medicine.exe

  • Size

    21.9MB

  • MD5

    1873d33d7a133ae2cc781e2ef19e1612

  • SHA1

    9b328ce766ac234e5431247007b93bfeb14bdc3e

  • SHA256

    a6d9c4b733199bf587a41e9e7417fed442d8853ab69e0b7e68c8e870f625fdee

  • SHA512

    a0e5f626d2f0edb353a44d593aa3e6e6349b36dcc05376fd172c604c29e9436c7187c2977907dfeb2b7742d93917b36197b6d2e3dc1c0f8e5d3d6a38f823068d

  • SSDEEP

    393216:xoDTZMgbDt6d0LoEtQgEks6+tnKE4KFxtTBL2tFk9qTnLQ+8SXJG7U96CCSS:x6ZpD9LnagwlwE4KLitayL38S873CCB

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 9 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Blue_BorFX_Medicine.exe
    "C:\Users\Admin\AppData\Local\Temp\Blue_BorFX_Medicine.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:4820
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4300
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.0.1936643505\473120083" -parentBuildID 20200403170909 -prefsHandle 1512 -prefMapHandle 1504 -prefsLen 1 -prefMapSize 219938 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 1608 gpu
        3⤵
          PID:4664
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.3.480360695\250231772" -childID 1 -isForBrowser -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 156 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 2220 tab
          3⤵
            PID:3228
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.13.888100721\640578374" -childID 2 -isForBrowser -prefsHandle 3400 -prefMapHandle 3396 -prefsLen 6938 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 3412 tab
            3⤵
              PID:4552

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \??\pipe\chrome.4300.10.75629848
          Filesize

          176B

          MD5

          8889341d33e6bccabbb20274a220705d

          SHA1

          3b902e17df7fa9503711e869d6daf519c0d27282

          SHA256

          d5f7d80495bef418dbdbe697f1d1967057686faad35634dc89c6bfc9320d04be

          SHA512

          7d9db312ab822e55f71904fcee998984f632ea52c12bf3b0b56f674e0b2bdfaa049d2fc462014d07cf54c674dc8eb9c5fe6a648375804c3e36aef26ca522d6ee

          Download Submit

        • memory/4820-120-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-121-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-122-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-123-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-125-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-126-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-128-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-129-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-130-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-131-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-132-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-133-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-134-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-135-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-136-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-137-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-138-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-139-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-140-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-141-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-142-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-143-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-144-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-145-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-146-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-147-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-148-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-149-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-150-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-151-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-152-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-153-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-154-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-155-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-156-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-157-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-158-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-159-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-160-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-161-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-162-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-163-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-164-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-165-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-166-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-167-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-168-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-169-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-170-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-171-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-172-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-173-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-174-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-175-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-177-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-176-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-178-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-179-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-180-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-181-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-182-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-183-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-184-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4820-185-0x0000000077600000-0x000000007778E000-memory.dmp

          Filesize

          1.6MB

          Download