Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

bfbe9467bf...79.exe

windows7-x64

3

bfbe9467bf...79.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfbe9467bf02fde7a8bc17e71150bff8874d74e33e6f3a22b9caba802d86bd79.exe

  • Size

    3.9MB

  • MD5

    1b0b8af1a5695f2f64d7e39b0af785df

  • SHA1

    384cf8e6846552d3a9c29061daa860966ee16427

  • SHA256

    bfbe9467bf02fde7a8bc17e71150bff8874d74e33e6f3a22b9caba802d86bd79

  • SHA512

    00cb4641c784f2999db84e33c001876ffec6f54d1736a5649a7a644afe44cec360e6cc89343bc348a818e82c87cf2396565f6125014f7ebe3206c6cf74c8f34e

  • SSDEEP

    98304:8fJuyMM64R7IDNCYe7dhWpOwnUe7RPzO8Dkj6Oqjf:8BuBZmsDxpOwnUe7I8E6d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfbe9467bf02fde7a8bc17e71150bff8874d74e33e6f3a22b9caba802d86bd79.exe
    "C:\Users\Admin\AppData\Local\Temp\bfbe9467bf02fde7a8bc17e71150bff8874d74e33e6f3a22b9caba802d86bd79.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ojbk.lanzout.com/b09fa832d
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:432
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4de146f8,0x7fff4de14708,0x7fff4de14718
        3⤵
          PID:3076
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2828
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
          3⤵
            PID:4948
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
            3⤵
              PID:2988
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              3⤵
                PID:4916
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                3⤵
                  PID:4324
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
                  3⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2116
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
                  3⤵
                    PID:1900
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                    3⤵
                      PID:3436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                      3⤵
                        PID:544
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                        3⤵
                          PID:2900
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3889274129738980521,3939789190344709806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                          3⤵
                            PID:3512
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4900
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:664

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            bf009481892dd0d1c49db97428428ede

                            SHA1

                            aee4e7e213f6332c1629a701b42335eb1a035c66

                            SHA256

                            18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

                            SHA512

                            d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67d18ea9-409e-404c-a8e8-347f98a256c6.tmp
                            Filesize

                            24KB

                            MD5

                            25ac77f8c7c7b76b93c8346e41b89a95

                            SHA1

                            5a8f769162bab0a75b1014fb8b94f9bb1fb7970a

                            SHA256

                            8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b

                            SHA512

                            df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            120B

                            MD5

                            065a0d8afd3e96c1986bbc12d1c5c555

                            SHA1

                            8db3703b2edf5e1f339fca5106700dc40af8e66b

                            SHA256

                            5b9850070827bb971148205a23974d04e7216dcdebecc33ce7c99668ea473663

                            SHA512

                            dadbc6fd4f73f5a8102f226c5bc2ec64bacacd81eb054edcf30f51f06c842a3c9f8ef7e8e35058625e4f2b297558390a9ab4c30ccdb74258206b9a34528efada

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            111B

                            MD5

                            807419ca9a4734feaf8d8563a003b048

                            SHA1

                            a723c7d60a65886ffa068711f1e900ccc85922a6

                            SHA256

                            aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                            SHA512

                            f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            f1599fee91f7d0596f145670a657791f

                            SHA1

                            e4ec096a9f4f7eb549282e9629034eb42ca8464a

                            SHA256

                            44398880b6a31ecbab7a06e019adba5d9aa562bc43b44edd461f0ce5a36ae44b

                            SHA512

                            6a09b4c7b05427817ecc80a2aec593cd688fc6975667fb6e82482369e74dc8dc6608aea40821868fd2a1ebf2f4b2c505464dcd9ea997df85d7449586e8707085

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            06de1b16a739110f99bdd6c2ceb53148

                            SHA1

                            89a122a4bfe29f90c0bba73614175069bcdc4dc1

                            SHA256

                            cb8b8142f607d99439d246268a573a8b8bf570ab2dd6a9ffe4cdf6197c3d4100

                            SHA512

                            6c20e37aabf18b1ea211b6fb157d8e3f395a7651204aa6e1c3988d295c2d4a1447642e141134d86aaeaa888c69284ce8af49826f92f1f93b303ef86a8f0a4400

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            5158f0a3b39157f28c84efb5425d3657

                            SHA1

                            1ee98e618feb4aadc763c3b2eeb48b446e0bd28d

                            SHA256

                            6f5dc96533292c391b9768eb3c615d8cae04933809871b92b4cc610faeda2b2e

                            SHA512

                            a0f4d4729985f96f69495eb711aeccf227df6ec241451db1da7f0a6098cb8fafa85232fc2fdbf9258e7e8c239305e728688cba5e6e342a7b6544f665a85dbb15

                            Download Submit

                          • memory/3384-0-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/3384-29-0x0000000002E70000-0x0000000002EC9000-memory.dmp

                            Filesize

                            356KB

                            Download

                          • memory/3384-28-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/3384-9-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/3384-8-0x0000000002E70000-0x0000000002EC9000-memory.dmp

                            Filesize

                            356KB

                            Download

                          • memory/3384-10-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3384-4-0x0000000010000000-0x0000000010116000-memory.dmp

                            Filesize

                            1.1MB

                            Download

                          • memory/3384-3-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/3384-2-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/3384-1-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

                            Filesize

                            4KB

                            Download