Analysis

  • max time kernel
    140s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/05/2024, 12:38

General

  • Target

    BH2002/PlayGame.exe

  • Size

    2.4MB

  • MD5

    ac64a4f2426a765c35e82ca6a82a410f

  • SHA1

    592eac781e50844db658acbff3868290bf5611b7

  • SHA256

    81667874b90ba0d18ec480aaa21e950ff51991195b7808042c29055b501c638d

  • SHA512

    27e09e34f8a4df2b098695630095d299cb73dfa39501c9746108508dde3675551a19c9ecc4e4ca65fc9231e38f2c651968d4919446e5fd038375676890203a9d

  • SSDEEP

    49152:BO5oWaKv+hyz8grnkQfKEUSKwmsDExssYDcv2p8:BEv7z8iCUD6Mc2i

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 38 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BH2002\PlayGame.exe
    "C:\Users\Admin\AppData\Local\Temp\BH2002\PlayGame.exe"
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:2056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\softmain[1].css

    Filesize

    7KB

    MD5

    729aa1f32dc5fe22bc67e7d73895c9c5

    SHA1

    bd90148bf8c4c47c9639826bde9d2341423dfa73

    SHA256

    c62bf9e3e8def17b145ee84add6b6f62ec972fd3609dc2a4bf175a2c4b9dbb02

    SHA512

    813a6d68fbe51a01d3f148a298cdcbf83b7404c895349b6dc42204f29b63bf50ff13d0ff43938a75f6b00dcdd6ea40c422cf8464807a722f387a37b9539aa720

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\softui[1].js

    Filesize

    1KB

    MD5

    b9582f731eda9c4b2d967fc6d0cd3c02

    SHA1

    bc79c5b327762f3f3cfb0045c5098f26bdf94ef9

    SHA256

    de223f2810d08af3ef852c54ad26381998ad6a50fe75142eb505ff8f7058ae36

    SHA512

    f348ea4e0e129a49fd1cb48fe34bf9cabbd2bfea3167a6fa7d0b91e993711bf19df0d158a4d81ce371516d4ebdb7d25de770e3a1fe59b2258245f203ed83e85a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\rank[1].htm

    Filesize

    162B

    MD5

    4f8e702cc244ec5d4de32740c0ecbd97

    SHA1

    3adb1f02d5b6054de0046e367c1d687b6cdf7aff

    SHA256

    9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

    SHA512

    21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

  • C:\Users\Admin\AppData\Local\Temp\BH2002\rungame.ini

    Filesize

    352B

    MD5

    ed3e41f51455e531a87c3d763627d29c

    SHA1

    c476a4f0e1e0f5c0bd1a4336b1ecf2d06a95db4b

    SHA256

    9b1bb7e5ca961d23b60528b440131d3c95e82f6ff5899e6dc92bf30e9521cf25

    SHA512

    44298934aec280a8014fca361d9fb1477bef7b93df81955bd5d348158e4a00a7019f72f62781643c9e3d8c6bc2622602d59407bf35fa5093db7ffe17c70d1b34

  • \Users\Admin\AppData\Local\Temp\BH2002\Greening.dll

    Filesize

    263KB

    MD5

    82ccb4dd63833063abd1c56ea80b529a

    SHA1

    bd89dae631cb68e5fa0c53accc83881f7cd365b3

    SHA256

    e3dccccc8f63981e528b0823a149f234bfd7cb56a23618f5004e379f8ada7183

    SHA512

    c908c553b7b9b7053c5938e20fe3ff97591097c3237554da3197b4d078b24cd12a5bb01597347652c422aaa920e86dc38a3776b96a6cfd46222798a3f8036867

  • \Users\Admin\AppData\Local\Temp\BH2002\aqhttp.dll

    Filesize

    276KB

    MD5

    3c9ec661f20ee6ca4bb17cfe7c0a5174

    SHA1

    9b9cbfe0e640d7e97c9c6caa5eb5fa9160cfcfe3

    SHA256

    71fd49b5c6af695e92eea36794025fca1b629cba62be6a5cdaf37648dd412c98

    SHA512

    2eebe718992a392c9a57a99cd3414e3a52fd14f06d52974d7700d57d9cf6dffafe80061f6f872edd4173982eabb95abbd99694760ce3fb35377513a8cf13ca5a

  • memory/2056-27-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

    Filesize

    64KB

  • memory/2056-0-0x0000000000400000-0x0000000000791000-memory.dmp

    Filesize

    3.6MB

  • memory/2056-59-0x0000000000400000-0x0000000000791000-memory.dmp

    Filesize

    3.6MB

  • memory/2056-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

  • memory/2056-117-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

  • memory/2056-119-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

    Filesize

    64KB

  • memory/2056-121-0x0000000000400000-0x0000000000791000-memory.dmp

    Filesize

    3.6MB