Overview
Task                   Platform              Score
overview                                     8
static                                       7
BH2002/BH2002.exe      windows7-x64          8
BH2002/BH2002.exe      windows10-2004-x64    1
BH2002/BH2...H2.exe    windows7-x64          3
BH2002/BH2...H2.exe    windows10-2004-x64    1
BH2002/PlayGame.exe    windows7-x64          7
BH2002/PlayGame.exe    windows10-2004-x64    7
BH2002/RegSetup.exe    windows7-x64          1
BH2002/RegSetup.exe    windows10-2004-x64    1
BH2002/bh2.exe         windows7-x64          3
BH2002/bh2.exe         windows10-2004-x64    1
安装程序.exe           windows7-x64          7
安装程序.exe           windows10-2004-x64    7
Analysis
max time kernel: 150s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 12:38
Behavioral task    Sample                    Resource
behavioral1        BH2002/BH2002.exe         win7-20240221-en
behavioral2        BH2002/BH2002.exe         win10v2004-20240508-en
behavioral3        BH2002/BH2Game/BH2.exe    win7-20240419-en
behavioral4        BH2002/BH2Game/BH2.exe    win10v2004-20240508-en
behavioral5        BH2002/PlayGame.exe       win7-20240508-en
behavioral6        BH2002/PlayGame.exe       win10v2004-20240508-en
behavioral7        BH2002/RegSetup.exe       win7-20231129-en
behavioral8        BH2002/RegSetup.exe       win10v2004-20240426-en
behavioral9        BH2002/bh2.exe            win7-20240221-en
behavioral10       BH2002/bh2.exe            win10v2004-20240508-en
behavioral11       安装程序.exe              win7-20240221-en
behavioral12       安装程序.exe              win10v2004-20240426-en
General
Target: BH2002/BH2Game/BH2.exe
Size: 245KB
MD5: fd49bb1623de9ae767d2ff0d91c731f7
SHA1: 115ef947bdd6e8c4acaae685c8d99426b65be937
SHA256: 01e51852a305a645a5c24877a792817352fca53b475913e88084568255a4b638
SHA512: caabaf5d3c2997782456b476600d987cbdaec0ba8f54a26ce0517740a34fea36c6e3a8a293291111b674adad1c81b09f5b438ee9b52b005f8875e2c848c259b2
SSDEEP: 3072:OxjPTOKZBLCm4fWeHOQD31wvO3yaI2SkDI8Off825+s3wwc33Rg8bTCqW7kbcRg:GjPTHZiFWIAl8Off93wwi/CqWQbc
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid     Process
  3916    BH2.exe
  3916    BH2.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid     Process
  3916    BH2.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                          pid     Process
  Token: 33                            3496    AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    3496    AUDIODG.EXE
Processes
C:\Users\Admin\AppData\Local\Temp\BH2002\BH2Game\BH2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\BH2002\BH2Game\BH2.exe"
  PID: 3916
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4a0 0x50c
  PID: 3496
  - Suspicious use of AdjustPrivilegeToken