Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Ball3.88.exe

windows7-x64

7

Ball3.88.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ball3.88.exe

  • Size

    699KB

  • MD5

    72ff65fbb08745a9670cd13403cba5b9

  • SHA1

    8b3c9eb1e8fc08a7e7eee7374f39c33079f55dbe

  • SHA256

    96455333e8c0b2e5829525fdbce5aaa33660ecbf98e4f3a06d57c45ebede4e8a

  • SHA512

    645300ed22898bdb9aed1b05eda21b0e4ca44e8a71a4d1fa293c730b24b84fb31af91ba89df9ff7d12ee08effc1c15404caef0e54a873924b599a0e6c93090d3

  • SSDEEP

    12288:VapniPIWZgavwA0yPUS4zVqBc26gyDUEbo5Hi4QPsa3nklOYnSi2uyG/3VOXspm:gpnigigaYA/gVXIyD1SHIsa3kY2+mO8Y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ball3.88.exe
    "C:\Users\Admin\AppData\Local\Temp\Ball3.88.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Users\Admin\AppData\Local\Temp\is-45V1S.tmp\is-9DJUO.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-45V1S.tmp\is-9DJUO.tmp" /SL4 $601F0 "C:\Users\Admin\AppData\Local\Temp\Ball3.88.exe" 484609 52224
      2⤵
      • Executes dropped EXE
      PID:4204
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:404

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-45V1S.tmp\is-9DJUO.tmp
      Filesize

      634KB

      MD5

      d291acbf9866b8846fe0629e690feb1a

      SHA1

      293314b11340d798d3c74e2416e2a43f267a25d6

      SHA256

      ab3e1fa210171e5ed2decc615c9328379ee3d29b55ee0e5d7ef6bece43f583eb

      SHA512

      320e68a67fdcf13dc25640cf68468abd9e0dc51b647f95277eebbd06c7c5ee298b1f68d4a01deb886979e42cbc3eddf16ac4db18884a96b1535598ba11ba36ed

      Download Submit

    • memory/2388-0-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2388-2-0x0000000000401000-0x000000000040A000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2388-7-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/4204-8-0x0000000000400000-0x00000000004CD000-memory.dmp

      Filesize

      820KB

      Download

    • memory/4204-13-0x0000000000400000-0x00000000004CD000-memory.dmp

      Filesize

      820KB

      Download