Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/03/2024, 14:01

General

  • Target

    b24eaa2502c9bb6d741e56302451a47c.exe

  • Size

    502KB

  • MD5

    b24eaa2502c9bb6d741e56302451a47c

  • SHA1

    dae6f7d8b2c26fa0de919188d5cd14165cc1652c

  • SHA256

    e7337744b755cc039f32348a645ac4cdac01fec4f4725403e2b7d677e7c3c245

  • SHA512

    9ee25d8dd49539e0bd4c79c22f1a2ccb5a5024017e7a1dbd6638f7bb98eb894296c86751c1f41bc41e9355ab4bd05dd19babea2a4a5d74ca0cb7224b8d438707

  • SSDEEP

    6144:cWwMnudHJHp7/be/jYB2nhw5MvSSJTpYLm+4NYLDBT2l8mIRhlfcCfVGojI/YW/O:xuZ7TebG2h1jWL3Np2lPCkuUIWgR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NTFS ADS 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b24eaa2502c9bb6d741e56302451a47c.exe
    "C:\Users\Admin\AppData\Local\Temp\b24eaa2502c9bb6d741e56302451a47c.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Program Files (x86)\baidu\bar\BDBar_tmp\BaiduBar.dll

    Filesize

    1.3MB

    MD5

    1b8f4df33e4b9a3ea2e4616a148b35b4

    SHA1

    c4ebaa3dfcc8ed0311807c5a812f5a4a02dd6e9b

    SHA256

    1413011151fc984be69fa146ea07acc692e18bd3993e20b8654a2b4134937852

    SHA512

    90b41c98d09ec27ed401af0016fb2852b030d18f93ceb40486d825993f03884f00a3996332b4f673394825723fc2cb0c9bb24fe2944c5e6a8456aaf21c88c762

  • memory/2760-14-0x0000000002E40000-0x0000000002F96000-memory.dmp

    Filesize

    1.3MB