Analysis
max time kernel: 140s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/05/2024, 13:43
Static task: static1

Behavioral task: behavioral1
  Sample:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
  Resource: win10v2004-20240508-en
General
Target: bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
Size:   15.3MB
MD5:    136419c26d8fbb4ec467d23c8f90204a
SHA1:   28c76117a07f87391ba8331967f0edabfe7822bd
SHA256: bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f
SHA512: 0aafe98f531e8dc94121f67e7e0ef1f02e513b787a8774918440165b5c3426f5093414e56ef741a41aa0d9b6c64dba69380cee777f0b33d5ce00466c13f7ac8b
SSDEEP: 393216:kL69RRXcxnycFn85tgCKcZrBU9GeCpjPo8qG2sX:keRYnyAggOrBMGTZwt9
Malware Config
Signatures

Enumerates connected drives    3 TTPs    21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc      Process
File opened (read-only)  \??\H:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\S:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\M:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\K:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\I:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\Z:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\Y:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\R:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\O:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\N:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\J:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\G:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\E:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\X:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\T:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\P:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\Q:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\L:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\W:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\V:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
File opened (read-only)  \??\U:   bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe

Suspicious use of AdjustPrivilegeToken    1 IoCs
description               pid   Process
Token: SeDebugPrivilege   3612  bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe

Suspicious use of SetWindowsHookEx    2 IoCs
pid   Process
3612  bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
3612  bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
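The three signature hits above can be reproduced as simple detection rules over per-process events. The block below is an added example for this report and is not tria.ge's own rule code: the event kinds (file_open_ro, token_adjust, set_windows_hook), the threshold of three non-C: drive roots for the enumeration rule, and the hook id are assumptions made for the illustration; the 21 drive letters, the SeDebugPrivilege token adjustment, the two hook installs and pid 3612 are taken from the report's IoC rows, with two extra events constructed to show what the rules must not match.

```python
"""Re-implement the three Triage signature hits from the report as rules over
a constructed event stream (added example, not tria.ge code)."""
import re
from collections import Counter, defaultdict

SAMPLE = "bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe"

# Constructed events shaped like the report's IoC rows: (kind, pid, detail).
# The 21 drive letters, the SeDebugPrivilege adjust and the two hook installs
# mirror the report; the C: open and pid 4242 are added as negative cases.
EVENTS = [("file_open_ro", 3612, "\\??\\" + d + ":") for d in "HSMKIZYRONJGEXTPQLWVU"]
EVENTS += [
    ("file_open_ro", 3612, "\\??\\C:"),              # default drive: must not count
    ("token_adjust", 3612, "SeDebugPrivilege"),
    ("set_windows_hook", 3612, "WH_KEYBOARD_LL"),    # hook id assumed, not in report
    ("set_windows_hook", 3612, "WH_KEYBOARD_LL"),
    ("file_open_ro", 4242, "\\??\\D:"),              # one drive only: below threshold
]

# NT object-manager path of a volume root, e.g. \??\H:
DRIVE_ROOT = re.compile(r"^\\\?\?\\([A-Z]):$")


def enumerates_connected_drives(events, min_drives=3):
    """Return {pid: sorted drive letters} for every process that opened at
    least min_drives distinct volume roots other than C:. A single stray open
    is normal; sweeping the alphabet is the behaviour the signature targets."""
    roots = defaultdict(set)
    for kind, pid, detail in events:
        if kind != "file_open_ro":
            continue
        m = DRIVE_ROOT.match(detail)
        if m and m.group(1) != "C":
            roots[pid].add(m.group(1))
    return {pid: sorted(ds) for pid, ds in roots.items() if len(ds) >= min_drives}


def adjust_privilege_token(events, watch=("SeDebugPrivilege",)):
    """Return (pid, privilege) pairs for token adjustments that enable a
    privilege on the watch list. SeDebugPrivilege lets a process open other
    processes' memory, which a sandbox flags regardless of later use."""
    return [(pid, detail) for kind, pid, detail in events
            if kind == "token_adjust" and detail in watch]


def set_windows_hook_ex(events):
    """Return {pid: number of SetWindowsHookEx calls}; each call is one IoC."""
    return dict(Counter(pid for kind, pid, _ in events if kind == "set_windows_hook"))


def summarize(events):
    """Build the same headline counts the report shows per signature."""
    drives = enumerates_connected_drives(events)
    return {
        "Enumerates connected drives": {pid: len(ds) for pid, ds in drives.items()},
        "Suspicious use of AdjustPrivilegeToken": len(adjust_privilege_token(events)),
        "Suspicious use of SetWindowsHookEx": set_windows_hook_ex(events),
    }


if __name__ == "__main__":
    for name, hit in summarize(EVENTS).items():
        print(f"{name}: {hit}")
```

Run against the constructed stream, the drive rule reports 21 roots for pid 3612 and nothing for pid 4242, the token rule reports a single SeDebugPrivilege adjustment, and the hook rule reports two calls, matching the 21, 1 and 2 IoC counts in the report. Raising min_drives trades recall for fewer false positives from backup or indexing software that legitimately touches a few volumes.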
Processes

C:\Users\Admin\AppData\Local\Temp\bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bf1be133e8790303af5b5778df098d39421d129117426b45daf025c9099a7b7f.exe"
  PID: 3612
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx