Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

DragonAge3...12.exe

windows7-x64

1

DragonAge3...12.exe

windows10-2004-x64

7

DragonAge3...DX.dll

windows7-x64

1

DragonAge3...DX.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DragonAge3Inq+16Tr-LNG-v1.12/DragonAge3Inq+16Tr-LNG-v1.12.exe

  • Size

    4.4MB

  • MD5

    34bf331ff7c14745bed42bbb6fa1355f

  • SHA1

    ef8cca018c84885d619ed9ebb477b28fde4ffab3

  • SHA256

    4019b64f4e56579db8dffa67280aaf9e5aceef4cadae331069b74fa298303fcb

  • SHA512

    42efa8f7fd44c9a3b2bc2fe03893e6f0b9d5419e9146e4b8d511aeb262ecb16c5706687ccf5d541c60103512b521cebde6414ba43be45e604894010d4055c355

  • SSDEEP

    49152:iojjbb/La+W0fkvNWpiTOMxoYGQlAkxpP2vrXyVpUQN2xegT3Q/KOS5+lUDwNGKG:xX2kkvLoYGQlAkxpP2vrXyNoFYSyUim

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DragonAge3Inq+16Tr-LNG-v1.12\DragonAge3Inq+16Tr-LNG-v1.12.exe
    "C:\Users\Admin\AppData\Local\Temp\DragonAge3Inq+16Tr-LNG-v1.12\DragonAge3Inq+16Tr-LNG-v1.12.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4960
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x40c 0x2f4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Bass.Net.dll
    Filesize

    632KB

    MD5

    ddc305fca2a8d80523ad8bc50996480b

    SHA1

    7bee723b565267aa355ad9f7f5cf17c74f2cce1f

    SHA256

    af9e46b70c7739547739ddfcdd56b7b218b5bda6e14c49bed3bbc08c2b867216

    SHA512

    acf2064d1b59d73cc5086f9a8c26a5e1fb7e7909e5460d3427d7681ee36709a568146000bbea9464fb173df474c58bda4f87bbbb759ea06ed2fd71d3c6bc0eea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.dll
    Filesize

    218KB

    MD5

    82dbc53c4e057ad941eb73aba212956e

    SHA1

    38a582ce5fbe03e8c5f040d82f89b4797e305860

    SHA256

    eda3f66eedc49ff9b9506c1ccf679a7822104c771eaab3afa367f0d6a2c9bbd5

    SHA512

    6f8e9082750c9cc8eb7bcaf7b7442f52ec55e2b712fff29a3a22868218fbfd605b594314e7be2720fd25f5a89d95774481177429de35acb48d023d39a2767781

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp3A3A.tmp
    Filesize

    832KB

    MD5

    6aab5c90d7c703ed4aefd5100c97fd22

    SHA1

    b6bb0a5614da9565d5ef2a5a23aa0aaa5bd5b3f0

    SHA256

    1b796196d9ae7b15507546d53a2b5aeae36e5b80e6291f02317f6fedab18d74a

    SHA512

    6c1c1cc6da08f49d15f6cbbadc81bdfaa4251d9ecc9321e0de474141534b42f2bc4c4ada053ace81e07635478f945d2266466f45f9e55c3c924c974d86c26251

    Download Submit

  • memory/4960-21-0x000000001CBC0000-0x000000001CC18000-memory.dmp

    Filesize

    352KB

    Download

  • memory/4960-1-0x0000000000C60000-0x00000000010C6000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4960-7-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-8-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-14-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-12-0x000000001D950000-0x000000001D9F2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/4960-3-0x000000001C1E0000-0x000000001C572000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/4960-0-0x00007FF950993000-0x00007FF950995000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-2-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-6-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-27-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-28-0x00007FF950993000-0x00007FF950995000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-29-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-30-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-31-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-32-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4960-33-0x00007FF950990000-0x00007FF951451000-memory.dmp

    Filesize

    10.8MB

    Download