Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
12/02/2024, 17:24
240212-vy4t1scb63 412/02/2024, 17:21
240212-vw6ktscb44 712/02/2024, 17:20
240212-vwegcaae2x 7Analysis
-
max time kernel
167s -
max time network
164s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
12/02/2024, 17:21
General
-
Target
BSLauncher.exe
-
Size
672KB
-
MD5
af692c7b9a7c0474f32aae9fbb6e0d5c
-
SHA1
b2a34238258b8c38134737bfd0ab81b69641fe91
-
SHA256
ab1fe3304dcdc8a5ca246c321ad80d0432ce182ad068701345c01b97eb7b0933
-
SHA512
1be8d08605446a6e6823c6e8b35c740091e77e3acdf3551adf2fe8d00c9997c028c0d01f927db7c9f5a3ae94a3f27806ef755308306cb5140c34ef328ed07178
-
SSDEEP
12288:TSKyBFTk40TSeylSfylxqu2uTjGeKQR+l9zCp0D4wMMKz6:THmFTR0meylS6lYuNxKQQlRQyN
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 34 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\BSLauncher.exe"C:\Users\Admin\AppData\Local\Temp\BSLauncher.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u265-b01/OpenJDK8U-jdk_x64_windows_hotspot_8u265b01.msi2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSTL4942\OpenJDK8U-jdk_x64_windows_hotspot_8u265b01.msi"3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
471B
MD50b5cc1567096a2c26583b437ccffbda6
SHA182f90c0ffd581f776eee31aa02a7ac591b00dba7
SHA256c831ca6c6ab7a7a6d1d45846377665f6c666dd3259a9a92c09ca5a553333ef10
SHA512241eab2417bd67f3b41db185529e95f0408a04f4b9490c23f2f96d4d3f23b613a9b217afd5dc795af36cdafb26472c5461d6da2c369d6942160165c065c618e1
-
Filesize
471B
MD5b466fa261091f0d6faa49b2e47a79922
SHA1d35d47cd7443c7ce60a3b6b5704d696085260854
SHA256c8d40a828f876dda3b707a8f0762051ca4871508f20aeda5b9d30a2254f5b9c8
SHA512ccb36c7e75fd1b84639400ddd8be0eaf8f3adcd8c118a6d345438873581f83f363a79eea962c556bb2a527c5ffd0858e8afbb8660e15e60c580e044ed24ab7be
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD52d2a46e3c5382d94827dd740c71e43b9
SHA15824155857cd1fcc13e3a9867d0bfc585871d670
SHA256c36216fc1a2b6cdaba5df5ae33270c16153fbb80f2ae6c1dfa84e3f59da63303
SHA5128386ddd06393358d11e1944164876e5fb921bfcfdf92bdfd64e3c3f4cc18b6fd34602bc071eb74a4e0090f03bfe9e76258d1babaef64bd8a339a62fd4d4d77f8
-
Filesize
404B
MD56a584875acdd66cb69ad302a95f0a4bc
SHA1e36a947a9e9b7340c74bbd28c40ffcc894c62728
SHA256287c8ed41c1e45c9ec2e4b3923601582ee092476fd181abaaa9aaf1323dc2dde
SHA512b3b7139100a7721affa76b70c3a25f3c09cdd3acdcc43c7b553a0d2b71670201acbec0f1312007b0ea8867cc734a124e6d5be6b592e82f0ff468c0ceaa3c932a
-
Filesize
404B
MD51bc9c7b4b91f42b14678938f404bf326
SHA168d4e09301930ae0bc9541e6f2418bfd02810199
SHA25668eb486af4fd48d8be05ec6b645f584eddb9a113291706bdb83b2aabdef8b076
SHA5125b8a8d6df779c240927c4610874a061be06f15f71e69dac408faeb62346ba8256586b26a601d1474ce34e479212517f0a056c99ffe7595ad7fd24f7b2ad9a46c
-
Filesize
344B
MD58ca23541b21a2de3ff6b63569fa3f820
SHA146c0a1b935e1fd2d2315779fc267b24abcdc3268
SHA2566b69a33f5624a8e1f615067c51db8b4c2cb0e4683f391d39313d5d5d322c9fc7
SHA512d0b2e581547c44aa366604cbdfc60bb4928ff4d4e6a276903ac11414cb81fad05565a5f80eefbb714b10f328fbcd9887b4684405d7d35e8fa01b5d5e41ba7fe8
-
Filesize
344B
MD55c49aedefdcbf5c0a8890d0249497096
SHA1758dd85cc339efecd4765552bacc7aa31274e260
SHA2562002940d2badea4dd03152aaf01fda4e68626eebe3d5b337faf2fe848515159c
SHA512ba64f1e4f30d8e8dd4a3864de019705897735e91016e4a82d5c9c975e604c3f331763bb36cfd5cb483d39364800b89d38d2bde1602d7be8c29f8e5748824d398
-
Filesize
344B
MD58ff30cde1ebed96e60fa8c80af989cd3
SHA141de803f450b094c591690ce23851121097f389d
SHA2566470f10272e0dfcaffa2add599a2b5572de3668939bf4851cc4723af7fa1799b
SHA5128277b262d1a2907c0e27dd98027f8fb42e05e7c0098bdb49166e52ae13c76df6cada48706e3d1059f7cfe2e19aeaa754a0e685ad708cf6ddf2f459ee50d9e5bb
-
Filesize
344B
MD5e878e8647316a27090cd8fb678ebb9e4
SHA110cec8d0ded77c9c9093e4cb36ca5e944bf472b0
SHA2566647f372066d95f8912fe1cb4fd449ded5d14f0af47e4250ff8dc1a514366555
SHA51218b4e5f601ed3d6094686eba481ebeaa68fb17de5682e13718c9d97bd261838c929102204e05a54b7f31ebd04155e42567eafdc88bdd3bc58161fc9c63e6728a
-
Filesize
344B
MD507ff933e5bb79d0ee330a59a94604e86
SHA17e2ede92793f75cc0e1456bb5ebef3abd9886361
SHA2560e101eff62615fbe6e32ffa5241e0ef521fa7223df2432ac1c2e4549aa4df894
SHA512a0efeb271d00637427e56c13717befab2e597672e3aa3739aaeb459aa66312f786478bfbc778399a0ad965b890c4fef0d7a8e149e147918856d857e18f63310e
-
Filesize
344B
MD5a510e73db9d4f7316c0d5ea36fad5ac3
SHA1611303109fc0384a364a156d770d72e3773f4ae4
SHA25699140320df716a26923beaae4830544e44b44ff8adb13a23589a3dcce379d0a5
SHA512a540658d7215e0c467198f578c1297290424dda713973bd09f153bd1470cdab18c615cfe42f554d6399e904a48f73732e6a4f6208eeeb282d2fe1f02c38329c4
-
Filesize
344B
MD5fbeb2befc228c4e28a52f79758a8af56
SHA1e77e30c97f587c98428a108b2520fd220707aa45
SHA256375b341e9cda2ac10766604ac007d95a72897e6384bd65cde465779f922f1dd4
SHA5121cfbbab32657c00acd6bd9ae50086d53bffe07a6c89d5c292b00258ac9235d1161ab4e84411f02bfece807e29883677e174c7bcfcdb3dc1cd56bb5ffe9086f4a
-
Filesize
344B
MD5c80be2e1171ce7c0a26cab9698733669
SHA1edbe707218a9cb06e1db4ba0825fbef57a56793c
SHA2567cd3df6e31b1f945995307b5bfbca53e0af8bf8f7e20da5d0cd3fb72bd31dde6
SHA512eb25179cfc1c86495e3b0f919ca6f0feed877d4ef6e1061271866e2b13bbbe39d733880ac761fa8ed411e5f74e36e5199b5a43b4cae1fba73e639871463f0a65
-
Filesize
344B
MD50f85451f79a143d7e5eb1778a56e0e0a
SHA1dcd4beff6c4810f5182afed8edf082eb8e986b3a
SHA2568c9dc41ce19794915b327dc122ddfd51d822e28f76f9218f57945b312a4be2b1
SHA512519b561c05e4c7e8244a30cd7d702945af29fcf6b034b017be2dd15784912066454a7d88bb56f38d9cf17c17cf6c6907fd0304928e23a72abbeb14caa4f84d0e
-
Filesize
344B
MD5c514b02401c1ae09fdb0878ddc45a290
SHA1388219e4f217f9857e3595b8670beea8fddfab7b
SHA256f45d3feba3deae8d01e0359bc785bfa660642c69056bf60cd84c0012802e11c7
SHA5121286bbf4562b044cd32a43a6b8b59b874f0706f572604277727b2b43ec3559f799d4750ec4f21cc122124fadb4444791ef9b3394b0c3caae94b6518e115c26c2
-
Filesize
344B
MD5a234790143f2e3363182da321dd9e02e
SHA159fe0e02e9fe405cb3e0b61db3a4bd99ded05571
SHA256a1ff7029d39ae9a7c9b942415a12d901ffa7de2a417bf9a737e7e41b24437a51
SHA5123fcd78edcfde3962349eae626b3dcce21f54a57512b852828fedf233d3b6f434011c148c60694ff52ca638bf0af4de89366c9d3ccbf385e616ba576bbac2f52c
-
Filesize
242B
MD5005d3193cf8a6d428de5bd37387fe1b6
SHA18c7de78cafcd910a988c0d369463fe483f379878
SHA2564b03f084dd84f66015ce05cdac6299b764b228e7cc87b9fd36d1277e023e14f3
SHA512e373b77690bae967d492e017bfc2e23346fbb743b850f4450f82bf0d09dd645726071b0b644b2596590b526dc296229501525e49f67192f9cf0df0d030aa8769
-
Filesize
27.5MB
MD5bbf54588ed9c2bbf76f7bdaf7cd6a661
SHA1f58c5dc08435e0781d1f5e6c54b983b80381c0ca
SHA2567b62e46ddfe494582d314b2be6e6d5be30c102d1284c1b6088ddc44701f92870
SHA51241855632f0c2d75dae47aa8e44045639d25fe8135dd861c1628327fafef336b44754f79e8d5d82ee180ab96e2c9e79718b5516d4d60c4e75c235a02d6f895eac
-
Filesize
41.5MB
MD505be65962650d50e420c1ea4e5ceaad7
SHA151a030a0c6ffaac4209e17cacfd42a53fb1efbae
SHA2560e6dc1efd7b40e0f191e19cf2b92733f0cde74dd18f5a525a7dad1402172439a
SHA512c779b259652e567efba8500d933c75997b6685578be8d56e31f19f47fb331efcd91d84663de0e2708b3ef2a9bd22567088a89cf4b75c0f16b00c8f2ba0d1a080
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
272KB