Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Badlion Cl....1.exe

windows7-x64

4

Badlion Cl....1.exe

windows10-2004-x64

4

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

7

Badlion Client.exe

windows7-x64

8

Badlion Client.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

VMProtectSDK32.dll

windows7-x64

1

VMProtectSDK32.dll

windows10-2004-x64

3

VMProtectSDK64.dll

windows7-x64

1

VMProtectSDK64.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows7-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows7-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows7-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows7-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows7-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 03:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LICENSES.chromium.html

  • Size

    5.2MB

  • MD5

    27206d29e7a2d80ee16f7f02ee89fb0f

  • SHA1

    3cf857751158907166f87ed03f74b40621e883ef

  • SHA256

    2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

  • SHA512

    390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

  • SSDEEP

    12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9edb1973bf5a2babe4efc957dbf785e6

    SHA1

    80fb314add9d17a5bd1840a888f3cb6ee1c3a361

    SHA256

    9f1ec67577aa887aa2af686679bd3f4a7d512d451917ad70ddedea3d38b5f49c

    SHA512

    13a3f39ee8743ab8834ab2e46e58047fe6382f8f8298b753cafd8d79ad16d09b73a6ef9cca4f5aff729e5ccc04bfb853cfa1e828e23a1799b96bbfaa35684e52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    51f66ab7c8c02cd612a1820c4e71201f

    SHA1

    ec3869dead8c17a2f91e6e2454c2d72137e5617d

    SHA256

    5e78f269cbb4b454d13dbc69e9f69d4a5b176f73c4ef110d369ec9b09d72ee07

    SHA512

    ce5af9e40adefb2aa7c734cedce2bf2b6004313d709935c55a793d19d3dc3d5940e6e84e7a5c3c6f540f8ffe01c5f2080135d478d1589ea6fdbc42531b4e9917

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af26185f8fe753f7c75159c16d8d9f60

    SHA1

    16e1377a5f714a10c857a145c5c82834d298351d

    SHA256

    ef71ac5c70a76644cea756d9b2f18fdd114632368aa62b5502baed7fccb5b79e

    SHA512

    eaeee2e77f781428c85bc27dfeff2c89e7d79ae9d24d44f82c43ac860d242512bd98c5918ad5438acb1b4c7a751a61b600eff55d65e8ddd701cbe4dc2dfaec91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    041cd91b589fd05ae069c9cce6c55f04

    SHA1

    b5a5474e7a19d74f46f6b71ab874c00b06abd10f

    SHA256

    f0d669e11e38acbfa0b06571de780d9debea8abab0dc3633737906e265869f79

    SHA512

    d83a7f5dcc9968e37248b9afbc7959b2e4078ae32600bb6d7ea6326ffe9f15c297f7b0312eb62e63288bb060d9cdf193e687bdce4669eb09743755720c5ac7b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3a48542c040e7743c9d54b86cde4fcc

    SHA1

    1134ab045b2d6f60a62726c7ce6bb4cd3aa59a79

    SHA256

    86afec1d33a5b9f394b979fdccc140cecdc12589b05388038e96218cdaa0cdb8

    SHA512

    36aca0611c71fee17bc889c59c989d9190316b264814bfd2b50460146f36b50987aa9a656364113c7bfe5dd8a9fa35a6c76dfdd326a1d601a292d6f7b4587784

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3e1aa7db03864cbfa4e6407b49f01e7

    SHA1

    3252ae4e01587a6d14fd5f88d84a976b14787ac5

    SHA256

    5e1984a5821aac8c8edd532f50f1f2258aa1cc98c7defeb007ea835298f7a013

    SHA512

    49a6946d0ea8d191fef285e192b2f0662f5d92cb6ee707f9bf3f78809aa3add6ada8c86554d90d901c732f84b220e190cafb6f7d58191bc646260e4ff358a167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14aaa429ac50d9793d1bb82dddcd743a

    SHA1

    3431741f952259a2018b978d0690f4ce8764c669

    SHA256

    fd2f5d0cd68af8af7c85fa206013a66c874c673222fea1a1b3b01110c201cc06

    SHA512

    fd20988646a1d99af899afbb9d3130597ba94841193fea93e2dd51d4d0b75bb42c4f681d4c7196aa48494018e4a498e17b80b26eec1e04759174a8cbdeedd149

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5293ec26961eb5e1ccabcdfa04296c73

    SHA1

    b7420f837b3557c3cd4fd848043bdbd5d7a8fba8

    SHA256

    26298f7873460ee3f81c8cf17b89e600d86664e51b0e9f467d9835111cda44de

    SHA512

    4e40226bfbe9d976a281b5b285c7570d51afdc7dad8fd22d5f4fc72c17bc880e2de4770cc43b4ee7db780d86f7d4cca3a47d62dac66a1ff7f9526332e7bf2d7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    476b32d410e6061e1ff14153cd2e62d1

    SHA1

    7aaed7589e6c392256c6cfbbbc744317e282293f

    SHA256

    563c4e1c0dc35427ba293378035513ce15c6a0a6f50a0c7b89bdfedf238ac215

    SHA512

    88a7b100570dd8beaf9d25772a9cedf9b2595c7258d5af23dd9b292a849c7c77df81f5e146c5aed392e7743ffd8f2cdd6cef14fd47967828411434dd0dc5f8a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a47480fa67fda714de5c652b895f37a7

    SHA1

    73c60107af6c898a7cca5071582f2e04f7dc8ed0

    SHA256

    3726dcaf0fe330ff07a0862ff332993b5e127db706fe38ca30bcc3f6992f51f7

    SHA512

    3980522245ed5d8856131144052c03326d5f3779791f11f2401a051405fc0ce2d2455c5d557e50e3f0331c482c05730adea2e78c98a301f999dffbab79fce81f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f21e5fd2b97a969dd416f6ced99ec403

    SHA1

    4e5745ef8f6b6b51f3d4ee2db3261aeae1e8a6c4

    SHA256

    dcbbbdbd5f570edc1f0a90d5b79971ce081486bf1589858ede26d28873426ed6

    SHA512

    d68cfd312b7d3b7bfafced65cba90d3c225bffc3607b95375829e23f4c6770b732fe2b1ec9adeb5bdf31c1b31d4c9af526a6248b8b045d5c40fed4bb49da0f5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09124a8a9afbb6e77bb11d0570ec815f

    SHA1

    cea75309607a8322bc3f7d9dd5948cbdb2f62464

    SHA256

    4fe12606bcc52cc0c8e7d5c41744b1a4a302684e864fc825c7625618e2e1b8c9

    SHA512

    67db4e8c1251f3a1ba430875b5e10b31a7bc66b4afa90e25bba2a7dccbb656beeca9eea973a40c1940c3ce41372dbcd09ef016e35ebd2e36660787fbdbafec53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    01a24c6e59af66f6b4a4e82ad73d25cb

    SHA1

    f383f9771fbfcb2db1de499f3ea28c17421dd6bd

    SHA256

    8cbdc1bf9e877ecc0087b1a846867e37d3c76f1af32eccd5138bda04b3513ab1

    SHA512

    35ec2bd891839af9aff286ffc714adb2dbf0029d31a889b17bd7488d50f9633cde6486112776492b2d9ffbff454f9765fb3d44aaf145b35fe976f26c82e682cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a3924b54a22518e28e3b39f93c2938c

    SHA1

    bbab9f90b2ed80694ec857069e36fe72b0f0cee0

    SHA256

    631f2440aa5ec32a79ead4a7c70f0f972990de2c9f0f8c8a0db471c8a49b8486

    SHA512

    504a56280b4d214f45f2a0a2e633dead92d3c78f63b34d4e441706028837c506a6fce9e9dc71785662d9f526ca88dbb493b94bf8859ed84daf32d9b666c1354b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89175c884afe2b1fd88153cd4f59696a

    SHA1

    dd67bea08ac3db630a2205eac07123e36beb445c

    SHA256

    423f15cffd57b38c95affd3a2ece91fe5051a10086bcbbd2e0c6c3a45ad8fdf4

    SHA512

    8228fd0d3bfdc8dc90411a5fb5a4ec711a4ddfe82fda55041d5e635bcf3716487aba6cd3d972d511878391e76ca7032b6877b003caf7e4c6ca842a827ecf31a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab97A1.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar985F.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit