Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/07/2023, 14:37

General

  • Target

    Busuuv3082600127modapkdon.apk

  • Size

    766KB

  • MD5

    826e37ce0745d4d98c6577b6c6d514a5

  • SHA1

    328eb4d9c82e4ec108d9ba19f885ab6ba8bc36ef

  • SHA256

    4100216f945df7d4ff1bd50ce4037d35f442549211795a2317184cedf41d8848

  • SHA512

    9fc347ec94eb47af061c89175b2ff0bc6c57018f35d206e175f1778f8f3cba1dbd50773a0c899f5a472fa4d95284a59b300ebee2b74e251c4fea0bd5b7c21354

  • SSDEEP

    12288:sU+J7yu2OSFqua5XFnah6HHdrMwOwVW86krYB16L8qPWh94yt5U+y9Q4JL449d3B:HYyu23kua5XFaondDO/ZkUtqq94EC+yv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Busuuv3082600127modapkdon.apk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Busuuv3082600127modapkdon.apk
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Busuuv3082600127modapkdon.apk"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:640

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    1156772902897213c2520f2b5ffbdb63

    SHA1

    5999bf46581f1cb71a6deec09bcae4706e6f738c

    SHA256

    0b71028700c543fd33ab1f8c29e9b97a6243553b4829e85ac4d17ad0200a355f

    SHA512

    a39604e3f2fcad4569765f30e2bd43f6452db62a9333a0f19a55bc1c61368c7872178d5b3d815ce4dd58619108070834fea3837a1934b201ac31b2e81ca998a8