Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 12:38

General

  • Target

    BH2002/PlayGame.exe

  • Size

    2.4MB

  • MD5

    ac64a4f2426a765c35e82ca6a82a410f

  • SHA1

    592eac781e50844db658acbff3868290bf5611b7

  • SHA256

    81667874b90ba0d18ec480aaa21e950ff51991195b7808042c29055b501c638d

  • SHA512

    27e09e34f8a4df2b098695630095d299cb73dfa39501c9746108508dde3675551a19c9ecc4e4ca65fc9231e38f2c651968d4919446e5fd038375676890203a9d

  • SSDEEP

    49152:BO5oWaKv+hyz8grnkQfKEUSKwmsDExssYDcv2p8:BEv7z8iCUD6Mc2i

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 38 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BH2002\PlayGame.exe
    "C:\Users\Admin\AppData\Local\Temp\BH2002\PlayGame.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2920
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:8
    1⤵
      PID:2708

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\BH2002\Greening.dll

      Filesize

      263KB

      MD5

      82ccb4dd63833063abd1c56ea80b529a

      SHA1

      bd89dae631cb68e5fa0c53accc83881f7cd365b3

      SHA256

      e3dccccc8f63981e528b0823a149f234bfd7cb56a23618f5004e379f8ada7183

      SHA512

      c908c553b7b9b7053c5938e20fe3ff97591097c3237554da3197b4d078b24cd12a5bb01597347652c422aaa920e86dc38a3776b96a6cfd46222798a3f8036867

    • C:\Users\Admin\AppData\Local\Temp\BH2002\aqhttp.dll

      Filesize

      276KB

      MD5

      3c9ec661f20ee6ca4bb17cfe7c0a5174

      SHA1

      9b9cbfe0e640d7e97c9c6caa5eb5fa9160cfcfe3

      SHA256

      71fd49b5c6af695e92eea36794025fca1b629cba62be6a5cdaf37648dd412c98

      SHA512

      2eebe718992a392c9a57a99cd3414e3a52fd14f06d52974d7700d57d9cf6dffafe80061f6f872edd4173982eabb95abbd99694760ce3fb35377513a8cf13ca5a

    • C:\Users\Admin\AppData\Local\Temp\BH2002\rungame.ini

      Filesize

      352B

      MD5

      1811a2a6ddd36df1f846f4eaa826cb4e

      SHA1

      edef399fed5ff6647d17ed37834e3eda45650a2f

      SHA256

      0b9842a6b7dbebd68ad9b29dec74a0caa32ff884c202cc52fb72a501b2a9144f

      SHA512

      6ba63c6d2c29f630431b666b822177216104cc877bb11acfaeb56caaf60836e89fa693b7f6016ed3f4878a769012ccb3319959bf111ca4484350f2cf0924aaa1

    • memory/2920-0-0x0000000000400000-0x0000000000791000-memory.dmp

      Filesize

      3.6MB

    • memory/2920-1-0x0000000000830000-0x0000000000831000-memory.dmp

      Filesize

      4KB

    • memory/2920-37-0x0000000000400000-0x0000000000791000-memory.dmp

      Filesize

      3.6MB

    • memory/2920-39-0x0000000000830000-0x0000000000831000-memory.dmp

      Filesize

      4KB