Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3NodeBEAM_E...02.zip
windows7-x64
1NodeBEAM_E...02.zip
windows10-2004-x64
1NodeBeamEd....jbeam
windows7-x64
3NodeBeamEd....jbeam
windows10-2004-x64
3NodeBeamEd...re.dll
windows7-x64
3NodeBeamEd...re.dll
windows10-2004-x64
3NodeBeamEd...lt.txt
windows7-x64
1NodeBeamEd...lt.txt
windows10-2004-x64
1NodeBeamEd...ng.txt
windows7-x64
1NodeBeamEd...ng.txt
windows10-2004-x64
1NodeBeamEd...or.ini
windows7-x64
1NodeBeamEd...or.ini
windows10-2004-x64
1NodeBeamEd...in.css
windows7-x64
3NodeBeamEd...in.css
windows10-2004-x64
7NodeBeamEd...in.css
windows7-x64
3NodeBeamEd...in.css
windows10-2004-x64
7NodeBeamEd...ar.eot
windows7-x64
3NodeBeamEd...ar.eot
windows10-2004-x64
3NodeBeamEd...ar.ttf
windows7-x64
3NodeBeamEd...ar.ttf
windows10-2004-x64
7NodeBeamEd...r.woff
windows7-x64
3NodeBeamEd...r.woff
windows10-2004-x64
3NodeBeamEd....woff2
windows7-x64
3NodeBeamEd....woff2
windows10-2004-x64
3NodeBeamEd...l.json
windows7-x64
3NodeBeamEd...l.json
windows10-2004-x64
3NodeBeamEd...s.json
windows7-x64
3NodeBeamEd...s.json
windows10-2004-x64
3NodeBeamEd...s.json
windows7-x64
3NodeBeamEd...s.json
windows10-2004-x64
3NodeBeamEd...s.json
windows7-x64
3NodeBeamEd...s.json
windows10-2004-x64
3Analysis
-
max time kernel
161s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
22/05/2023, 16:03
Static task
static1
Behavioral task
behavioral1
Sample
NodeBEAM_Editor_037_002.zip
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
NodeBEAM_Editor_037_002.zip
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
NodeBeamEditor/bin/DemoCar.jbeam
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
NodeBeamEditor/bin/DemoCar.jbeam
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
NodeBeamEditor/bin/Qt5Core.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
NodeBeamEditor/bin/Qt5Core.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
NodeBeamEditor/bin/arguments/beams/default.txt
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
NodeBeamEditor/bin/arguments/beams/default.txt
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
NodeBeamEditor/bin/arguments/beams/steering.txt
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
NodeBeamEditor/bin/arguments/beams/steering.txt
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
NodeBeamEditor/bin/editor.ini
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
NodeBeamEditor/bin/editor.ini
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
NodeBeamEditor/bin/html/css/bootstrap-theme.min.css
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
NodeBeamEditor/bin/html/css/bootstrap-theme.min.css
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
NodeBeamEditor/bin/html/css/bootstrap.min.css
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral16
Sample
NodeBeamEditor/bin/html/css/bootstrap.min.css
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.eot
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral18
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.eot
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.ttf
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.ttf
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.woff
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral22
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.woff
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.woff2
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral24
Sample
NodeBeamEditor/bin/html/fonts/glyphicons-halflings-regular.woff2
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
NodeBeamEditor/bin/jbeam/camerasInternal.json
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral26
Sample
NodeBeamEditor/bin/jbeam/camerasInternal.json
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
NodeBeamEditor/bin/jbeam/hubWheels.json
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral28
Sample
NodeBeamEditor/bin/jbeam/hubWheels.json
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
NodeBeamEditor/bin/jbeam/hydros.json
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral30
Sample
NodeBeamEditor/bin/jbeam/hydros.json
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
NodeBeamEditor/bin/jbeam/refNodes.json
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral32
Sample
NodeBeamEditor/bin/jbeam/refNodes.json
Resource
win10v2004-20230221-en
windows10-2004-x64
General
-
Target
NodeBeamEditor/bin/jbeam/hydros.json
-
Size
236B
-
MD5
a2a05fb86ac3c65daccd6c6b74695f0d
-
SHA1
d212217bcc727cf8401cfce733c8089aaf36946a
-
SHA256
9c8974a710ce65046b1640bcccc4725813e03b95173afca0e89dc097d8de845f
-
SHA512
895507afd10dbb086f45c7baa1c4dfe6fbb401e89f82eb6319bda2be0426a9c9df5d25d029765e840cfc01aa83523c910a06e569eb70d197abdadbc6d10f4c61
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\json_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\.json rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\json_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\json_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\json_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\json_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\.json\ = "json_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\json_auto_file\shell rundll32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1764 AcroRd32.exe 1764 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 912 wrote to memory of 360 912 cmd.exe 28 PID 912 wrote to memory of 360 912 cmd.exe 28 PID 912 wrote to memory of 360 912 cmd.exe 28 PID 360 wrote to memory of 1764 360 rundll32.exe 29 PID 360 wrote to memory of 1764 360 rundll32.exe 29 PID 360 wrote to memory of 1764 360 rundll32.exe 29 PID 360 wrote to memory of 1764 360 rundll32.exe 29
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\NodeBeamEditor\bin\jbeam\hydros.json1⤵
- Suspicious use of WriteProcessMemory
PID:912 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\NodeBeamEditor\bin\jbeam\hydros.json2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:360 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NodeBeamEditor\bin\jbeam\hydros.json"3⤵
- Suspicious use of SetWindowsHookEx
PID:1764
-
-