Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bce8b8c32c...bc.exe

windows7-x64

7

bce8b8c32c...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bce8b8c32c6db8d713baadc45da33fbc.exe

  • Size

    506KB

  • MD5

    bce8b8c32c6db8d713baadc45da33fbc

  • SHA1

    c3218b6ff3c75332553f0c498d371b0d15f2e05d

  • SHA256

    866e3b488cc348dda132c3c41848d24354c97d8cbafabe6405ae2e8547b6b65d

  • SHA512

    4a1f0476b546b83ae7fac887caf7bc985c676069f04965c26461272f5d4f72b26d0631ff4ba1205e603220058288cb12ff3d1e48a28e6f5b8b6953843ef48dcb

  • SSDEEP

    12288:8TPVaUL/oAWbR/njNDZD98dkNoGhaXUqVwfU/CRlndQY/:aP/VWb9ZkdaoFifqCTdl/

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bce8b8c32c6db8d713baadc45da33fbc.exe
    "C:\Users\Admin\AppData\Local\Temp\bce8b8c32c6db8d713baadc45da33fbc.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3852
    • C:\Users\Admin\AppData\Local\Temp\bce8b8c32c6db8d713baadc45da33fbc.exe
      C:\Users\Admin\AppData\Local\Temp\bce8b8c32c6db8d713baadc45da33fbc.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1068
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\bce8b8c32c6db8d713baadc45da33fbc.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:3988
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3676 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1144

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bce8b8c32c6db8d713baadc45da33fbc.exe
      Filesize

      506KB

      MD5

      01abeeb15dfac013526795cf4edba82d

      SHA1

      067609321bde1210c1b7b42cadba834c231668c9

      SHA256

      3872a7a88c18220143fddf298168ae7e16f4e1e94c226b66a980d15d126bceb7

      SHA512

      93dbbc3fca4c2808cf6e8fef41dcfd8103d53889f6391bf0ed2250ced8e621df411ad3e647214a95f909b9b85c6fe0db0eb26d8758f620ee898fbd8975aba7b9

      Download Submit

    • memory/1068-13-0x0000000000400000-0x0000000000483000-memory.dmp

      Filesize

      524KB

      Download

    • memory/1068-14-0x0000000001510000-0x0000000001593000-memory.dmp

      Filesize

      524KB

      Download

    • memory/1068-20-0x0000000004F90000-0x000000000500E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1068-21-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/1068-27-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3852-0-0x0000000000400000-0x0000000000483000-memory.dmp

      Filesize

      524KB

      Download

    • memory/3852-1-0x0000000000150000-0x00000000001D3000-memory.dmp

      Filesize

      524KB

      Download

    • memory/3852-2-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3852-12-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download