Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Badlion Cl....1.exe

windows7-x64

4

Badlion Cl....1.exe

windows10-2004-x64

4

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

7

Badlion Client.exe

windows7-x64

8

Badlion Client.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

VMProtectSDK32.dll

windows7-x64

1

VMProtectSDK32.dll

windows10-2004-x64

3

VMProtectSDK64.dll

windows7-x64

1

VMProtectSDK64.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LICENSES.chromium.html

  • Size

    5.2MB

  • MD5

    27206d29e7a2d80ee16f7f02ee89fb0f

  • SHA1

    3cf857751158907166f87ed03f74b40621e883ef

  • SHA256

    2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

  • SHA512

    390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

  • SSDEEP

    12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    727e954de00459dc14d78fe8122d1ad4

    SHA1

    c53b36c7b61dc49da488ed162501d28eeab81951

    SHA256

    0d3fedc223ab0ce9e772debe2bb842ee930d715957eab47aa68c733b23e4c835

    SHA512

    43113bae622613ecfd117a4276a6a53360eecd89144d60cd7b536699d2c02010f7ece84d4d81debc5dbfaff305bf63be6a746a2715b3034cd6d6be531f44f366

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64e69e1f98b797e0da03a5087b97d73b

    SHA1

    f55ced793a6e3a212b922b74968a35e2ed024f23

    SHA256

    3f04ffd56e32e4465ac27820fb6441f7ef90820cd240efba0ef411f140ecaef6

    SHA512

    0a6b4375fcdf1c1a6b0e06f0e7e8b0e3950cf241c96bcf882b53647f43b326b6800f742cfa4d925bcf27fc6069646048656a961c8382e4ab9dceb0f79a8cd1cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e7ee6f00f456986ad5c48774cc1d488

    SHA1

    0af95e423a12ef6c1165c7e7c8eeffb83a26ca5b

    SHA256

    1784ba80d6d1e25698609bf763d985062e0b4f50d7dfabbeb269e10f02a61b8d

    SHA512

    0fd2f859fe1922404177678c77fe9be15569bd05f36c1c5a797791843ba32361fb1161923ff9ad84c16a3254bb3d886f733bace401f21660f37b59c87969a279

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2ce8e57b0a399851bc84ddbba967b4f

    SHA1

    b265558e4db72866943dda0c3a0a7689a977f814

    SHA256

    f8d902960c9e6e7290d857f950555c8c120f2d20b04f92540ee9fe23c91185e9

    SHA512

    742c7f42d8ace5bf97a5720c6230100404fc039e4e2802882af5d6198f5fb65ce5e79d1822c0a42570b1a6131c9b230b2dee057bae5e912c772bac2f98284708

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec8861425294da3e8d44007d2a897515

    SHA1

    648180555205faaa24b4120ed400e9f8dbc58e3b

    SHA256

    f061cb400a0811eab73709655f3f6bf9fb58eaaa72aa87bb3dd72f827a622c9d

    SHA512

    730f44c0b28969e3700fd0d73f0bec50e7faaa442c58c319ff60bf6588a05932bec287146926439a022962fe9100dece118acbb6126d006030fadb70226ffc69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86de610620fabff6a1bf208e2cfa01df

    SHA1

    ace0b08d78cba16c30782ba028260e237e01e989

    SHA256

    d45017b0061d9a767c104ac4569c68b056ddd5645a6decaec663557176fee268

    SHA512

    f18fc0844470ec1c605b8c85dd4f1ac16bd401505923955849d65278d46bc21572d176c0fb3408143abb747728cfc8f4ce7f0d48bc95328c05973c44a8a49dc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e07ec85c38fc32d05d65c46dd3c006ed

    SHA1

    4de4d118d5d98dca14af2ce12605fa5b4442c099

    SHA256

    d58010ff75133b83be1f6ccd715500e3c260b159f5cfa58788b6769878264589

    SHA512

    d30336e4e0a19c30c02afb7178495d065a3a8b2e4ff05fbca0e331fb3b26365a7f673b5f6e89784c967a656bcd37eae3124df9226634d6e83ee3c41f27ba2178

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b73baa89eedb371e0af6e350434b974

    SHA1

    095de9e1cde91fe81a81784b8d90b2e092d0b7a2

    SHA256

    ef78ddd54880584f4f989120e2e7573d0aaffd6dbacef51f80e5d65e6f26bc0d

    SHA512

    b1dde3a236de5d4d0617e9b7a289c673f29d6d8b89b3e76a5b184e9c4d99b9acafe72c3f95c0c60ba2470c73bad1e7f7c2d8554fb3641bd6c3e857c88840b1fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    492753db20f87a888da9b51179be6764

    SHA1

    30877d12dfcc79d04a842506aec0deb2c9a273f8

    SHA256

    c321e99c759d716440f78fdcd08ceeecb0e212d229ac7bb58951ad97c8ec0a09

    SHA512

    326821d04d738afde64c34a9ab59290ad1a5df66fd1d1aad7b87591e1bbd4eaba6f248c1fff95ee943444ac6dc5a67b9eb4111bf3b87b3a04860aac667695e8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dfbe98f0a5bbf7c950b651e1e0cdd8b8

    SHA1

    85765698fe01202964c989d6be9ea6aa32a41014

    SHA256

    c971b6aea5d7d2eb0b9a39904a66dc807a7e71876d5ce3ad3bea630f9f0a9365

    SHA512

    207930112eefdb6562fab075c1e4138d334258deffe15ed618e7e08173112992e9c8dc661f8137594c01f6cf831dcbc6911b21cd5fee3e0c9602bc42d65eaa7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    587fc0da4a3d661ce7639e621f6dcbb5

    SHA1

    c54a2d217ffd4b1519058e5c4390f76ceb7dd371

    SHA256

    f050abd554538e69bdeae6a8d62496122ba522b05f63976ed7d600a1e7a0b5bf

    SHA512

    64b14472c296e0e012be367ed88ad1432b18aa51b824c9182a6a0172a247a55681fe22244ec5b3d0ed28e7f97ed16edfcbc9e70dc780fe6ec0493602e7063d02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b473820a8e2ccf198609ad6d3f1f8b8

    SHA1

    cb5a16ebefa92d29d237f179588fe59a470eca58

    SHA256

    dbb333ff51c64ffa29454a30da5dbf56a9b4af745aa1be766cd136f08324130c

    SHA512

    6b1be33cbafc7285520ba82d1bda0f48f98ab556c50400bf4eef6d8d22f9bbef5109117a6461f9c19acd880f4cc9960d0f8e58efb1b74bcd6fc2df3edb9fe92c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFA57.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC4F.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit