Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

95a9f7060d...18.exe

windows7-x64

7

95a9f7060d...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

3

$PLUGINSDI...oc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_47_/Web/error.html

windows7-x64

1

$_47_/Web/error.html

windows10-2004-x64

1

Accelerator.dll

windows7-x64

1

Accelerator.dll

windows10-2004-x64

1

Basicsurvey.exe

windows7-x64

1

Basicsurvey.exe

windows10-2004-x64

1

MouseHook.dll

windows7-x64

1

MouseHook.dll

windows10-2004-x64

1

Socks.dll

windows7-x64

1

Socks.dll

windows10-2004-x64

1

gamebox.exe

windows7-x64

6

gamebox.exe

windows10-2004-x64

6

tabGame.exe

windows7-x64

1

tabGame.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gamebox.exe

  • Size

    2.1MB

  • MD5

    3bd4dd9dcef8070bf4a5c63eaf4e4fbb

  • SHA1

    3b478334cab0fdd4dfa3e204f3abdc82f74e0a5b

  • SHA256

    5fe2cb5db88b8c33b6f92add6b352b67e9a73797afa13d0da17a84aff38c2c14

  • SHA512

    7e55667839027b489c22b5666c736f38aea6b727c0078c52e064fec88e4fa3cba0ab55ab08d07f09678f00bc8bd8a3fbd8d7d2b0d3c373c6cca6063769861728

  • SSDEEP

    49152:DK0tPwL/4j8uHjFI4RiXiVUvThPBXH++kSteD5D121C7:ub4j8uRpRi7XH++kSU

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gamebox.exe
    "C:\Users\Admin\AppData\Local\Temp\gamebox.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\37games\gamebox\Lander.ini
    Filesize

    87B

    MD5

    ab971a5fc87357db8aaff502da2fae9a

    SHA1

    85aff012cb44314b07ff323d3344cc5774cbd853

    SHA256

    772f96261860378468f95d26846c6d42401a87c1f49d865261bbebc1e4438fbd

    SHA512

    d049b02f0d6e0e105fcc5862a05b603abffd82b3316231feb2eb415a008c289772f586bb03130311df0ff6a14fc905faa349408658604b3d043aeda2ba07abe6

    Download Submit

  • memory/4036-10-0x00000000000B0000-0x00000000000B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-2-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-3-0x0000000000040000-0x0000000000041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-5-0x0000000000060000-0x0000000000061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-4-0x0000000000050000-0x0000000000051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-6-0x0000000000070000-0x0000000000071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-7-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-8-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-1-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-9-0x00000000000A0000-0x00000000000A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-13-0x00000000000E0000-0x00000000000E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-12-0x00000000000D0000-0x00000000000D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-11-0x00000000000C0000-0x00000000000C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-14-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-15-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-16-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-17-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-18-0x0000000000130000-0x0000000000131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-19-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4036-0-0x0000000000010000-0x0000000000011000-memory.dmp

    Filesize

    4KB

    Download