Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
16/04/2024, 01:25
Static task
static1
Behavioral task
behavioral1
Sample
MCBEPlay/bds.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
MCBEPlay/bds.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MCBEPlay/mcbeplay.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
MCBEPlay/mcbeplay.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
MCBEPlay/mcbeplay.exe
-
Size
1.1MB
-
MD5
ae80d14218168e3bf927c7823eaea92b
-
SHA1
720c004037da2ffd27c6caba6e8446dc0bb1f215
-
SHA256
7350dc399b7cba52a18391008fb751b716eb74296cc8dd8687b3e2a826878d38
-
SHA512
021895fd2149f04c940d08d35a9a90deabfcfe52580a9e69640c42343cdcd1cbe53e1a1bd54944f09a89939547d648dec5a3621f35dc087cdc4e3da167518e05
-
SSDEEP
24576:vRaZROMOm8FN7TjsPnzt2heeRhQbJEOeam/L4/:pkxOm+7TjsPnztyDMmao8
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1712 mcbeplay.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe 1712 mcbeplay.exe