Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 21/04/2024, 08:37
Static task
- static1
Behavioral task
- behavioral1
- Sample: 豆包传世.exe
- Resource: win7-20240220-en
Behavioral task
- behavioral2
- Sample: 豆包传世.exe
- Resource: win10v2004-20240226-en
General
- Target: 豆包传世.exe
- Size: 7.8MB
- MD5: bdd8475f7d61e0e040fb4bc0c04be632
- SHA1: 4d02cd34ddac9f72622bd5f8c482c8123739cc5b
- SHA256: 56bf06097a4002d570cb291a755231e331e23797889a831da7f4ce7f278d2355
- SHA512: cbb5b37e3f641a1a15f1dcde2890989367c46bbad7602cf75fef1c76cea858fd7fe53c79e33e110a3c4d6f0b5c0c2dfd7cb1b42b850873ed1510ea4860e3f51f
- SSDEEP: 98304:k+D/SiClYHp8fVien4vOFipGQ9nLcDy+fXOIP+POpaagyAZyuaPCtByE6228hAuu:kW/pa+Hno2yPIOAfyuSZE6IARwex
Malware Config
Signatures
- Drops file in System32 directory (4 IoCs)
  description / ioc / Process:
  - File opened for modification / C:\Windows\SysWOW64\myini.ini / 豆包传世.exe
  - File created / C:\Windows\SysWOW64\520cs_xy.htm / 豆包传世.exe
  - File created / C:\Windows\SysWOW64\520cs_ys.html / 豆包传世.exe
  - File opened for modification / C:\Windows\SysWOW64\520cs_xy.htm / 豆包传世.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  pid / Process:
  - 2184 / 豆包传世.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid / Process:
  - 2184 / 豆包传世.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description / pid / Process:
  - Token: SeDebugPrivilege / 2184 / 豆包传世.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid / Process:
  - 2184 / 豆包传世.exe
  - 2184 / 豆包传世.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\豆包传世.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\豆包传世.exe"
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 2184
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 19KB
- MD5: a483e496050dbff87f07db4cdc983055
- SHA1: 616cf5e8115b121e59029bb1fe85f3f09cdd5b9a
- SHA256: e8afefd32c5baa8b17fac72159a248c16bceec02b75a20625d3578a11a5ef693
- SHA512: ddfb6b8320ac2704ad95ceca3ea1af52076e0cfce52c9b0ea8880fde764b729434c124a01c54e67142932944883e81d9e1f366cb14f8f5e58930cf4c9cf0d980