Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Boleto-10-2011.exe

windows7-x64

10

Boleto-10-2011.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Boleto-10-2011.exe

  • Size

    353KB

  • MD5

    681abf81004f57b2930a7fade361c160

  • SHA1

    43707fceb0fda0045e2ad1522375f66a25a9a5ad

  • SHA256

    7e07c36e47c45f16faf8f41e4805396dc99445a3c563258d9a6ed65b638e073a

  • SHA512

    15ad726644ffb33279afe2beef362de6f077247e6487b589bcffebb45ab00608286448d0d02c16ef4c3c486dee374e9fc95988641f3c4702be7e442494178585

  • SSDEEP

    6144:uAkg2vhVMaJTXPiap/ZMUxgdUCxlZn+aC1meyUGimMxSkOZbX:u02ZVvx6aTMLX/5W1meyUGp8POt

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 3 IoCs
  • Modifies registry key 1 TTPs 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Boleto-10-2011.exe
    "C:\Users\Admin\AppData\Local\Temp\Boleto-10-2011.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3100
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Nreg.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3812
      • C:\Windows\SysWOW64\reg.exe
        REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RDSound /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Huawei3g.exe" /f
        3⤵
        • Adds Run key to start application
        • Modifies registry key
        PID:2784
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\NUac.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\System32\cmd.exe /k C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1932
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
          4⤵
          • UAC bypass
          • Modifies registry key
          PID:4132
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:4660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3940 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\NUac.bat
      Filesize

      164B

      MD5

      c80c14c9b9ffd63a2ed8037940d75103

      SHA1

      3f24e10b213bd483067709c8c4f7b75c29464eff

      SHA256

      236f2acb03d56106f0e6b693108f25ed2eb9b7d0503a84e6948e797f8c15dd6b

      SHA512

      f51619a769fc86bc091bd1a534c6cac5d8c426ddd9784fd98bb23b7f0c699fcc473722dffa1196391c3e92f4647ce96de4b3326c25f49014552b0346a6f4e2c9

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Nreg.bat
      Filesize

      118B

      MD5

      c515911f3c9c95c71397ec270d03dc09

      SHA1

      5ed1e95629a721abeb30666d699798fe8d3399a3

      SHA256

      07589b5e7fa05ac15a19128dab9bbedcd485492f7e41b3bbcc97a6430610265c

      SHA512

      055617212f73e2b32ba13ea6d5c114c38c9a9d633d797f16fa7aacf121b68b44e93700a632f21f37ad805df4157b93aab9dc4dbe9662863444aece3449c0d367

      Download Submit

    • C:\Users\Admin\AppData\Roaming\sunjunSan.dll
      Filesize

      129KB

      MD5

      073bea567f124dc7454897430b79a865

      SHA1

      88b02e94559e907c824ef8c208095652220aef01

      SHA256

      871edddb9774bb7a7f247418e75f3692f9297207df6d94bc749a0b2b745f2402

      SHA512

      5f038bae6bcb5c8e504d1d26ada43920ca83d0a9fd1fa1d1c428fceb09783946c48f07d0b11c00cfc9d2764e26a0cc9b91738a1f3de586a861a403ce171acd1a

      Download Submit

    • memory/3100-8-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-55-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-11-0x00000000007E0000-0x00000000007E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-10-0x00000000007F0000-0x00000000007F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-9-0x00000000006C0000-0x00000000006C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-0-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-7-0x00000000006A0000-0x00000000006A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-6-0x0000000000680000-0x0000000000681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-5-0x0000000002240000-0x0000000002241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-4-0x00000000006B0000-0x00000000006B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-3-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-2-0x0000000002280000-0x0000000002281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-13-0x0000000000810000-0x0000000000811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-14-0x0000000002220000-0x0000000002221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-12-0x0000000000820000-0x0000000000821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3100-24-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-57-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-43-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-53-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-54-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-36-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-56-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-1-0x0000000002230000-0x0000000002232000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3100-58-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-59-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-60-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-61-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-62-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-63-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3100-64-0x0000000000400000-0x00000000004DC000-memory.dmp

      Filesize

      880KB

      Download