Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

BSLauncher.exe

windows10-2004-x64

7

Resubmissions

12/02/2024, 17:24

240212-vy4t1scb63 4

12/02/2024, 17:21

240212-vw6ktscb44 7

12/02/2024, 17:20

240212-vwegcaae2x 7

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2024, 17:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BSLauncher.exe

  • Size

    672KB

  • MD5

    af692c7b9a7c0474f32aae9fbb6e0d5c

  • SHA1

    b2a34238258b8c38134737bfd0ab81b69641fe91

  • SHA256

    ab1fe3304dcdc8a5ca246c321ad80d0432ce182ad068701345c01b97eb7b0933

  • SHA512

    1be8d08605446a6e6823c6e8b35c740091e77e3acdf3551adf2fe8d00c9997c028c0d01f927db7c9f5a3ae94a3f27806ef755308306cb5140c34ef328ed07178

  • SSDEEP

    12288:TSKyBFTk40TSeylSfylxqu2uTjGeKQR+l9zCp0D4wMMKz6:THmFTR0meylS6lYuNxKQQlRQyN

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BSLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\BSLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\BSLauncher.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    6fc379e2ac1e694f29743e422fc5fca1

    SHA1

    f92c8aba0d2933ebbe823750d3f70b0f40f055f8

    SHA256

    123c51c58cd4e6eb9fb8ff91f361296aa544d155a2717d2edeb05c0b524ecadd

    SHA512

    20171b1e2208e1f02564db89f88182a5977eb6c13e5356b604e3b328767cd5f435046acb2f44ed7586b35d05a46b14373aaab3fc7c52876c63112ef74b4419bf

    Download Submit

  • memory/2280-0-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2408-5-0x000002843B380000-0x000002843C380000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2408-16-0x0000028439B20000-0x0000028439B21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-19-0x0000028439B20000-0x0000028439B21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-47-0x000002843B380000-0x000002843C380000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2408-56-0x000002843B380000-0x000002843C380000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2408-58-0x0000028439B20000-0x0000028439B21000-memory.dmp

    Filesize

    4KB

    Download