Overview

Score  Target                 Platform
8      Static                 -
7      BH2002/BH2002.exe      windows7-x64
8      BH2002/BH2002.exe      windows10-2004-x64
1      BH2002/BH2...H2.exe    windows7-x64
3      BH2002/BH2...H2.exe    windows10-2004-x64
1      BH2002/PlayGame.exe    windows7-x64
7      BH2002/PlayGame.exe    windows10-2004-x64
7      BH2002/RegSetup.exe    windows7-x64
1      BH2002/RegSetup.exe    windows10-2004-x64
1      BH2002/bh2.exe         windows7-x64
3      BH2002/bh2.exe         windows10-2004-x64
1      安装程序.exe            windows7-x64
7      安装程序.exe            windows10-2004-x64

(安装程序.exe is Chinese for "installer.exe"; the filename is kept as submitted.)
Analysis (score 7)

max time kernel: 150s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 12:38
Behavioral tasks

Task          Sample                    Resource
behavioral1   BH2002/BH2002.exe         win7-20240221-en
behavioral2   BH2002/BH2002.exe         win10v2004-20240508-en
behavioral3   BH2002/BH2Game/BH2.exe    win7-20240419-en
behavioral4   BH2002/BH2Game/BH2.exe    win10v2004-20240508-en
behavioral5   BH2002/PlayGame.exe       win7-20240508-en
behavioral6   BH2002/PlayGame.exe       win10v2004-20240508-en
behavioral7   BH2002/RegSetup.exe       win7-20231129-en
behavioral8   BH2002/RegSetup.exe       win10v2004-20240426-en
behavioral9   BH2002/bh2.exe            win7-20240221-en
behavioral10  BH2002/bh2.exe            win10v2004-20240508-en
behavioral11  安装程序.exe               win7-20240221-en
behavioral12  安装程序.exe               win10v2004-20240426-en
General

Target: BH2002/BH2002.exe
Size: 28KB
MD5: d0d456759ea4ac29c4e0f6765c4736b7
SHA1: 182f9650c34006185c6a459e188cf931c952d420
SHA256: b4a061f6ccd0b45be67a8725c3e0c33beaeeb4a6a685ac96cba8947330bec94a
SHA512: 701505608bf5585e2811f6efb92aaa1319b5fedbfaaf29280bc0875059765895213acf6aa25677bb1bb400570763145bef95fcd216193ab93a3d48295d72ede9
SSDEEP: 384:e+evThZNl951Aml8XdM4yyXQJ8mVh+jMoXF7FJtKD:errhjlH1IyaQxVh+jMoXF
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
4548  BH2.EWS
4548  BH2.EWS

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid   Process
4548  BH2.EWS

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                        pid   Process
Token: 33                          3488  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  3488  AUDIODG.EXE

Suspicious use of SetWindowsHookEx (3 IoCs)
pid   Process
4548  BH2.EWS
4548  BH2.EWS
4548  BH2.EWS

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process     procid_target
PID 2864 wrote to memory of 4548  2864  BH2002.exe  80
PID 2864 wrote to memory of 4548  2864  BH2002.exe  80
PID 2864 wrote to memory of 4548  2864  BH2002.exe  80
Processes

C:\Users\Admin\AppData\Local\Temp\BH2002\BH2002.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\BH2002\BH2002.exe"
  PID: 2864
  - Suspicious use of WriteProcessMemory
  └ C:\Users\Admin\AppData\Local\Temp\BH2002\BH2.EWS
      command line: intro
      PID: 4548
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of SetWindowsHookEx

C:\Windows\system32\AUDIODG.EXE
  command line: C:\Windows\system32\AUDIODG.EXE 0x538 0x534
  PID: 3488
  - Suspicious use of AdjustPrivilegeToken

Note: AUDIODG.EXE is Windows Audio Device Graph Isolation, a system process that starts when audio is rendered. It is listed here as a separate root, not as a child of the sample, so its privilege adjustment is not behaviour of BH2002.exe or BH2.EWS. The only memory writes recorded are from BH2002.exe into the BH2.EWS child it spawned.
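To read the flattened signature tables above against the process tree, here is an added Python example (not part of the tria.ge report and not Hatching's code). It parses the rows exactly as the page prints them, attributes every IoC to a PID, and checks whether each WriteProcessMemory edge points at the writer's own child. SIGNATURE_ROWS and PROCESS_TREE are constructed here from this report's text; the reading of procid_target as tria.ge's internal process index rather than a Windows PID is an assumption.

```python
"""Correlate tria.ge signature rows with the process tree.

Added example: not part of the tria.ge report and not Hatching's own code.
SIGNATURE_ROWS and PROCESS_TREE are constructed from the text of this report;
treating procid_target as tria.ge's internal process index (not a Windows PID)
is an assumption.
"""
import re
from collections import Counter, defaultdict

# Signature tables exactly as tria.ge flattens them into one line each.
SIGNATURE_ROWS = {
    "Suspicious behavior: EnumeratesProcesses":
        "pid Process 4548 BH2.EWS 4548 BH2.EWS",
    "Suspicious behavior: GetForegroundWindowSpam":
        "pid Process 4548 BH2.EWS",
    "Suspicious use of AdjustPrivilegeToken":
        "description pid Process Token: 33 3488 AUDIODG.EXE "
        "Token: SeIncBasePriorityPrivilege 3488 AUDIODG.EXE",
    "Suspicious use of SetWindowsHookEx":
        "pid Process 4548 BH2.EWS 4548 BH2.EWS 4548 BH2.EWS",
    "Suspicious use of WriteProcessMemory":
        "description pid Process procid_target "
        "PID 2864 wrote to memory of 4548 2864 BH2002.exe 80 "
        "PID 2864 wrote to memory of 4548 2864 BH2002.exe 80 "
        "PID 2864 wrote to memory of 4548 2864 BH2002.exe 80",
}

# Process tree from the report: pid -> parent pid (None for a root process).
PROCESS_TREE = {2864: None, 4548: 2864, 3488: None}

# One pattern per table layout; each match is one IoC row.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")
PID_RE = re.compile(r"(\d+) (\S+)")


def parse_rows(table):
    """Split one flattened signature table into IoC rows (dicts).

    Every row has 'pid' and 'image'. WriteProcessMemory rows add 'wrote_to'
    (the Windows PID written to) and 'procid_target'; token rows add 'priv'.
    """
    if table.startswith("description pid Process procid_target"):
        return [{"pid": int(pid), "image": image, "wrote_to": int(dst),
                 "procid_target": int(target)}
                for _src, dst, pid, image, target in WPM_RE.findall(table)]
    if table.startswith("description pid Process"):
        return [{"pid": int(pid), "image": image, "priv": priv}
                for priv, pid, image in TOKEN_RE.findall(table)]
    if table.startswith("pid Process"):
        return [{"pid": int(pid), "image": image}
                for pid, image in PID_RE.findall(table)]
    raise ValueError(f"unknown table layout: {table[:40]!r}")


def correlate(tables):
    """Attribute each IoC to its PID and collect (writer, target) memory writes."""
    by_pid = defaultdict(lambda: {"image": None, "iocs": Counter()})
    writes = set()
    for name, table in tables.items():
        for row in parse_rows(table):
            entry = by_pid[row["pid"]]
            entry["image"] = row["image"]
            entry["iocs"][name] += 1
            if "wrote_to" in row:
                writes.add((row["pid"], row["wrote_to"]))
    return dict(by_pid), writes


def writes_outside_lineage(writes, tree):
    """Memory writes whose target is not a direct child of the writer.

    A parent writing into a child it has just created is what every launcher
    does, and also what process hollowing looks like, so such an edge is a
    prompt to compare the child's in-memory image with its file, not a
    verdict. Writes into unrelated processes have no such excuse and should
    be looked at first.
    """
    return {(src, dst) for src, dst in writes if tree.get(dst) != src}


def summary(tables=SIGNATURE_ROWS, tree=PROCESS_TREE):
    """Return one text line per process plus the cross-lineage write edges."""
    by_pid, writes = correlate(tables)
    lines = []
    for pid in sorted(by_pid):
        entry = by_pid[pid]
        parent = tree.get(pid)
        lineage = f"child of {parent}" if parent else "root"
        total = sum(entry["iocs"].values())
        lines.append(f"{pid} {entry['image']} ({lineage}): {total} IoCs "
                     f"across {len(entry['iocs'])} signature(s)")
    return lines, writes_outside_lineage(writes, tree)


if __name__ == "__main__":
    lines, suspicious = summary()
    print("\n".join(lines))
    print("writes outside parent->child lineage:", suspicious or "none")
```

Run on this report it attributes all six hook/enumeration/foreground IoCs to PID 4548 (BH2.EWS), both token IoCs to PID 3488 (AUDIODG.EXE), and finds that the single write edge 2864 -> 4548 stays inside the parent-child lineage; the same parser can be pointed at another task's signature tables by swapping the two constructed dicts.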
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 450B
MD5: 46f41e004709c7db1cb81d77d89df1ba
SHA1: e08f33bb3d5acd91d9b962b824f663372a820e32
SHA256: ad4b1821ecd6f8690f7169a2b120e775dac1c65b185ecada1ddddc41b6fb8c60
SHA512: 7a7d7b0a09baab6278f70edf0a5d7dcc591f7d0cd790247331d2ee1590700baad2358c6cd6cc7e3ec1b54733d10d521fdc011771bd4cdabb4d9f0dd7926342e1