Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 04/03/2024, 14:01
Static task: static1
Behavioral task: behavioral1
- Sample: b24eaa2502c9bb6d741e56302451a47c.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b24eaa2502c9bb6d741e56302451a47c.exe
- Resource: win10v2004-20240226-en
General
- Target: b24eaa2502c9bb6d741e56302451a47c.exe
- Size: 502KB
- MD5: b24eaa2502c9bb6d741e56302451a47c
- SHA1: dae6f7d8b2c26fa0de919188d5cd14165cc1652c
- SHA256: e7337744b755cc039f32348a645ac4cdac01fec4f4725403e2b7d677e7c3c245
- SHA512: 9ee25d8dd49539e0bd4c79c22f1a2ccb5a5024017e7a1dbd6638f7bb98eb894296c86751c1f41bc41e9355ab4bd05dd19babea2a4a5d74ca0cb7224b8d438707
- SSDEEP: 6144:cWwMnudHJHp7/be/jYB2nhw5MvSSJTpYLm+4NYLDBT2l8mIRhlfcCfVGojI/YW/O:xuZ7TebG2h1jWL3Np2lPCkuUIWgR
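A first triage step with this report is to check whether either hash set on the page (the submitted sample above, and the 1.3MB file listed under Downloads) turns up on a host. The Python below is an added example, not code from the sandbox or from the page: it streams each file through all four digests once and reports a "full" verdict only when every algorithm agrees. A "partial" verdict (for instance MD5 and SHA-1 agreeing while SHA-256 differs) is deliberately not treated as a match, because those two digests are collision-prone; it is flagged for a closer look instead. The entry labels and the function names are my own.

```python
from __future__ import annotations

import hashlib
from pathlib import Path

# Hash sets copied from the report: the submitted sample and the 1.3MB file listed
# under Downloads. The labels are assumptions (mine); the digests are the report's.
KNOWN_FILES = {
    "submitted sample b24eaa2502c9bb6d741e56302451a47c.exe (502KB)": {
        "md5": "b24eaa2502c9bb6d741e56302451a47c",
        "sha1": "dae6f7d8b2c26fa0de919188d5cd14165cc1652c",
        "sha256": "e7337744b755cc039f32348a645ac4cdac01fec4f4725403e2b7d677e7c3c245",
        "sha512": "9ee25d8dd49539e0bd4c79c22f1a2ccb5a5024017e7a1dbd6638f7bb98eb894296c86751c1f41bc41e9355ab4bd05dd19babea2a4a5d74ca0cb7224b8d438707",
    },
    "1.3MB file under Downloads": {
        "md5": "1b8f4df33e4b9a3ea2e4616a148b35b4",
        "sha1": "c4ebaa3dfcc8ed0311807c5a812f5a4a02dd6e9b",
        "sha256": "1413011151fc984be69fa146ea07acc692e18bd3993e20b8654a2b4134937852",
        "sha512": "90b41c98d09ec27ed401af0016fb2852b030d18f93ceb40486d825993f03884f00a3996332b4f673394825723fc2cb0c9bb24fe2944c5e6a8456aaf21c88c762",
    },
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict[str, str]:
    """All four digests of an in-memory blob, lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digests_of_file(path: Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file once through all four hash objects (no full read into memory)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with path.open("rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def classify(found: dict[str, str]) -> dict[str, str]:
    """Compare computed digests with every known entry.

    Returns {label: verdict}. "full" means every algorithm agrees; "partial:<algs>"
    means only the named algorithms agree, which is not a confirmation (MD5 and SHA-1
    are collision-prone) and should be investigated rather than accepted.
    """
    verdicts = {}
    for label, expected in KNOWN_FILES.items():
        agreeing = [alg for alg in ALGORITHMS if found.get(alg) == expected[alg]]
        if len(agreeing) == len(ALGORITHMS):
            verdicts[label] = "full"
        elif agreeing:
            verdicts[label] = "partial:" + ",".join(agreeing)
    return verdicts


def scan_tree(root: Path) -> dict[str, dict[str, str]]:
    """Walk a directory and return every file whose digests hit a known entry."""
    hits = {}
    for p in root.rglob("*"):
        if p.is_file():
            verdict = classify(digests_of_file(p))
            if verdict:
                hits[str(p)] = verdict
    return hits


if __name__ == "__main__":
    import sys

    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, verdict in scan_tree(root).items():
        print(path, verdict)
```

Run it with a directory argument; the stand-alone run prints one line per hit. The per-file streaming keeps memory flat, so the same scanner works on a mounted image with large files.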
Malware Config
Signatures
- Loads dropped DLL (2 IoCs)
  pid | Process
  2760 | b24eaa2502c9bb6d741e56302451a47c.exe
  2760 | b24eaa2502c9bb6d741e56302451a47c.exe
- Drops file in Program Files directory (64 IoCs)
  description: File opened for modification (all 64 rows); Process: b24eaa2502c9bb6d741e56302451a47c.exe (all 64 rows); ioc:
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\`K• oßø)
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\eH•¦²ßø,
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PíW••‡ã8¤
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\fE•׫Þx\
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÔS•Þâø
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ДW•—Cã¸Ý
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PH•—ªß8U
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\†T•N²ãxÏ
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ЮK•0߸ç
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PK•Nß8R
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\¡M•Ý3áxè
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\-W•>”ãød
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ð J•Ï߸C
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\rM•€áø;
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\KM•§‹áx
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Q•½Íâø^
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PxW•µžã81
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PYH•?Ñß8
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PPO•öÄà8
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐQ•&Ñâ¸M
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐNI•.ภ
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PÔI•Vèß8
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐI•]à¸L
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PR•GÈá8P
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐìH•gšß¸¥
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐÌE•šÞ¸…
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\[K•žsßø
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ð>H•§£ß¸w
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\‡L•ÕìàxÎ
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ïR•žáx¦
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\W•=›ãxB
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PöE•Nú<
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PÏI•ÿìß8†
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ìN•§Kàø¥
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐYL•¶+Ḡ
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\СS•Öõá¸è
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐÆP• `⸠
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ОQ•uµâ¸×
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\óQ•7»âøº
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\6E•ž›Þø
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ð.V•Ý'ã¸g
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ªW•fBãxã
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\¸T•m«ãøñ
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Q• ÐâxS
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\6E•›Þø
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐÿJ•ÞÔÞ¸¶
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\±K•×ßøø
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ H•®ßøC
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐDO•àภ
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\P7R•þ¾á8~
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\zR•Îáx3
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\¬P•¯Nâøå
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐJ•žËÞ¸ä
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\éP••\âø
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\PáE••“Þ8¨
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ M•^áøi
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\aV•†4ãx(
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐÑW•å‰ã¸˜
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\bW•ןãx+
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\BaiduBar.dll
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ð\N•eXà¸f
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ЖL•Néà¸ß
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ð&M•Þ\á¸o
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐÂK•B߸‹
  The only human-readable name in this set is BaiduBar.dll; the other 63 file names are non-text bytes rendered as mojibake, which is why they read as corrupted. Every write lands in the same directory, C:\Program Files (x86)\baidu\bar\BDBar_tmp.
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- NTFS ADS (10 IoCs)
  description: File opened for modification (all 10 rows); Process: b24eaa2502c9bb6d741e56302451a47c.exe (all 10 rows); ioc:
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐBV•]:㸠
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\sE•~©Þø:
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\úK•:ßø³
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐS•þ:â¸G
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\úK•…:ßø³
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐBV•N:㸠
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÐBV•W:㸠
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\sE•‡©Þø:
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\sE•©Þø:
  C:\Program Files (x86)\baidu\bar\BDBar_tmp\úK•v:ßø³
  Each of these ten paths carries a ':' inside the file-name component. NTFS reads a colon there as the stream separator (file:stream), which is what this signature keys on, so these hits are the same kind of byte-garbage names as the drop list above with a colon in them; confirm actual stream content on the files themselves before treating this as deliberate ADS use.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  2760 | b24eaa2502c9bb6d741e56302451a47c.exe
  2760 | b24eaa2502c9bb6d741e56302451a47c.exe
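The signature tables on this page arrive flattened, one "File opened for modification <path> <process>" entry after another on a single line, and the file names contain raw bytes, in some rows with the separating space lost. The Python below is an added example, not part of the report or of tria.ge: it splits such a run back into rows, using the process name taken from the signature's pid table as the delimiter (so a name fused to the process name still parses), then flags names that contain non-printable or non-ASCII characters and names that contain ':' (NTFS stream syntax, the condition behind the NTFS ADS signature). The three-entry input is constructed in the report's layout, with two names modelled on the report's rows; the function and field names are mine.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

DESCRIPTION = "File opened for modification"  # the only description seen on this page
PROCESS = "b24eaa2502c9bb6d741e56302451a47c.exe"  # from the signature's pid/Process table

# Constructed sample in the report's flattened layout (not a copy of the 64-row table).
SAMPLE = (
    r"File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\BaiduBar.dll "
    + PROCESS
    + r" File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\úK•:ßø³ "
    + PROCESS
    + r" File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\PK•Nß8R "
    + PROCESS
)


@dataclass
class FileIoc:
    path: str
    process: str
    directory: str
    name: str
    suspicious_name: bool  # non-printable or non-ASCII characters in the file name
    ads_syntax: bool       # ':' inside the file name, i.e. NTFS alternate-data-stream syntax


def _is_suspicious_name(name: str) -> bool:
    # Printable ASCII is treated as a normal, human-chosen name; control characters,
    # Latin-1 mojibake or CJK in an installer temp name mark it as raw bytes.
    return any(ord(c) < 0x20 or ord(c) > 0x7E for c in name)


def parse_file_iocs(text: str, process: str) -> list[FileIoc]:
    """Split a flattened 'description ioc Process' run into rows.

    The process name delimits entries; it is removed as a suffix rather than by
    splitting on whitespace, so a file name fused to the process name still parses.
    """
    rows = []
    for chunk in text.split(DESCRIPTION):
        chunk = chunk.strip()
        if not chunk:
            continue
        if not chunk.endswith(process):
            raise ValueError(f"entry does not end with expected process name: {chunk!r}")
        path = chunk[: -len(process)]
        if path.endswith(" "):        # drop the one separator space, keep any spaces in the name
            path = path[:-1]
        directory, _, name = path.rpartition("\\")
        rows.append(FileIoc(path, process, directory, name,
                            _is_suspicious_name(name), ":" in name))
    return rows


def summarize(rows: list[FileIoc]) -> dict:
    """Counts a triager wants at a glance: where the writes go and how many look like garbage."""
    return {
        "total": len(rows),
        "by_directory": dict(Counter(r.directory for r in rows)),
        "suspicious_names": sum(r.suspicious_name for r in rows),
        "ads_syntax": sum(r.ads_syntax for r in rows),
        "plain_names": sorted(r.name for r in rows if not r.suspicious_name),
    }


def main() -> None:
    rows = parse_file_iocs(SAMPLE, PROCESS)
    for r in rows:
        flags = ("garbage" if r.suspicious_name else "plain",
                 "ads-syntax" if r.ads_syntax else "no-colon")
        print(f"{r.name!r:24} {flags}")
    print(summarize(rows))


if __name__ == "__main__":
    main()
```

Feeding the page's actual 64-row and 10-row runs through parse_file_iocs (with the same process name) gives plain_names of just BaiduBar.dll and one directory for every row, which is the observation that matters for scoping cleanup: everything is under BDBar_tmp.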
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1.3MB
- MD5: 1b8f4df33e4b9a3ea2e4616a148b35b4
- SHA1: c4ebaa3dfcc8ed0311807c5a812f5a4a02dd6e9b
- SHA256: 1413011151fc984be69fa146ea07acc692e18bd3993e20b8654a2b4134937852
- SHA512: 90b41c98d09ec27ed401af0016fb2852b030d18f93ceb40486d825993f03884f00a3996332b4f673394825723fc2cb0c9bb24fe2944c5e6a8456aaf21c88c762