Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

FabFilter ...en.exe

windows7-x64

7

FabFilter ...en.exe

windows10-2004-x64

7

$TEMP/BASSMOD.dll

windows7-x64

1

$TEMP/BASSMOD.dll

windows10-2004-x64

1

$TEMP/R2RFBFKG.dll

windows7-x64

3

$TEMP/R2RFBFKG.dll

windows10-2004-x64

3

$TEMP/keygen.exe

windows7-x64

1

$TEMP/keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 23:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FabFilter Total Bundle v2023.02.06/R2R/FabFilter_KeyGen.exe

  • Size

    595KB

  • MD5

    c482cbba8d390a0488f33ef36daf2a9e

  • SHA1

    cefb2cd5a09c7f20bb42187acae38fbd3f2da4da

  • SHA256

    7d35e4d663f952f93ef7b271772fc9ce9bc2ff22cb07d9a99f48e47b21517a28

  • SHA512

    b18575e6537d936cd97a0efbf9805081d3e97c540022b46104905a30eae404c0bfbab33a09cf282bfb5cad834886c27e21fda5198bac8d431d5a75af236cab78

  • SSDEEP

    12288:XYkc9t2Sll/5+Fu/dCzO6bqTYFD3fUtPPR5HnCYLJZKrdezL:XYkcL54S4RbYIz89PR1LGBuL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle v2023.02.06\R2R\FabFilter_KeyGen.exe
    "C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle v2023.02.06\R2R\FabFilter_KeyGen.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      C:\Users\Admin\AppData\Local\Temp\keygen.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bgm.it
    Filesize

    80KB

    MD5

    5e3c083251880c635f5ea6a0a6ed8e76

    SHA1

    e7fb44133e223140057243493159bdce01c5f080

    SHA256

    9d460a48d7f7f461967c9065182456871606eef1c27f21767335b7d81384e141

    SHA512

    b4a6a5ad71a13f51989e1fccedb542ab528f6ab9bc3d60a4c93c59e544b8eaa06ca7b9fe79c1d9a5c92b61345c18e38736561cd21426bc9e43ae3a4c59424284

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BASSMOD.dll
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • \Users\Admin\AppData\Local\Temp\R2RFBFKG.dll
    Filesize

    91KB

    MD5

    62695f6fa2a85fc9993f57dfcbdc2749

    SHA1

    07a9b478df63fba4cf3002974b4cf56b404d0914

    SHA256

    1ab33027c4965b027298651781a1c780c272818da189e2c3a8101ac578069260

    SHA512

    69dd0de913629853400106811bffdebd8ec2037c93c9f9820d3f140e84576912de3ab57434086e20cf8698185015c27fa307e06047e2219dcf38a927a36f3c95

    Download Submit

  • \Users\Admin\AppData\Local\Temp\keygen.exe
    Filesize

    1.0MB

    MD5

    d46b062d7f8ecf948d579ebe809cd597

    SHA1

    bba400b955bca8729bfdffb343d3b9f54cbb42f3

    SHA256

    9dca86bab19f5f0cd7c71ac4797921c93c03894f2378b8b3f4e97d742c9c2ea3

    SHA512

    2c93a1e061a9a77b5c4b5ba8e5f6b4809f225c28b9279cf341c54b8cb586834c7e1ca583df8d8ad4ce8458fcdee306b9f43043b5c2e3f9441f024b4591ce7d49

    Download Submit

  • memory/2060-24-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-27-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-18-0x0000000000220000-0x000000000023F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2060-21-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-22-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-23-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-11-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2060-25-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-26-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-16-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-28-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-29-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-30-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-31-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-32-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-33-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-34-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2060-35-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.