Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
3CoinBase C...er.exe
windows10-2004-x64
8CoinBase C...er.exe
windows11-21h2-x64
8CoinBase C...32.dll
windows10-2004-x64
3CoinBase C...32.dll
windows11-21h2-x64
3CoinBase C...71.dll
windows10-2004-x64
3CoinBase C...71.dll
windows11-21h2-x64
3CoinBase C...32.dll
windows10-2004-x64
3CoinBase C...32.dll
windows11-21h2-x64
3CoinBase C...ip.dll
windows10-2004-x64
1CoinBase C...ip.dll
windows11-21h2-x64
1CoinBase C...er.exe
windows10-2004-x64
8CoinBase C...er.exe
windows11-21h2-x64
8CoinBase C...32.exe
windows10-2004-x64
3CoinBase C...32.exe
windows11-21h2-x64
3CoinBase C...32.dll
windows10-2004-x64
3CoinBase C...32.dll
windows11-21h2-x64
CoinBase C...71.dll
windows10-2004-x64
3CoinBase C...71.dll
windows11-21h2-x64
3CoinBase C...32.dll
windows10-2004-x64
3CoinBase C...32.dll
windows11-21h2-x64
3Analysis
-
max time kernel
148s -
max time network
103s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system -
submitted
27/07/2024, 21:35
Static task
static1
Behavioral task
behavioral1
Sample
CoinBase Checker/CoinBase Checker/CoinBase Checker.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
CoinBase Checker/CoinBase Checker/CoinBase Checker.exe
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
CoinBase Checker/CoinBase Checker/libeay32.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
CoinBase Checker/CoinBase Checker/libeay32.dll
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
CoinBase Checker/CoinBase Checker/msvcr71.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
CoinBase Checker/CoinBase Checker/msvcr71.dll
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
CoinBase Checker/CoinBase Checker/ssleay32.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
CoinBase Checker/CoinBase Checker/ssleay32.dll
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
CoinBase Checker/CoinBase Checker/sync/Ionic.Zip.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
CoinBase Checker/CoinBase Checker/sync/Ionic.Zip.dll
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
CoinBase Checker/CoinBase Checker/sync/Launcher.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
CoinBase Checker/CoinBase Checker/sync/Launcher.exe
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
CoinBase Checker/CoinBase Checker/sync/cb32.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
CoinBase Checker/CoinBase Checker/sync/cb32.exe
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
CoinBase Checker/CoinBase Checker/sync/libeay32.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
CoinBase Checker/CoinBase Checker/sync/libeay32.dll
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
CoinBase Checker/CoinBase Checker/sync/msvcr71.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
CoinBase Checker/CoinBase Checker/sync/msvcr71.dll
Resource
win11-20240709-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
CoinBase Checker/CoinBase Checker/sync/ssleay32.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
CoinBase Checker/CoinBase Checker/sync/ssleay32.dll
Resource
win11-20240709-en
windows11-21h2-x64
General
-
Target
CoinBase Checker/CoinBase Checker/sync/cb32.exe
-
Size
4.2MB
-
MD5
1950868bb340538645dd1bde7b26f9e3
-
SHA1
734f1868c6798ce73f3746b7965534ad081e6a44
-
SHA256
b922dbb6fcee110d03ac9abbd9a158f69e8b02edcd01117bdf2851b523c3965c
-
SHA512
f7e6bf2203afb68d56e1a8a1806333987ec4533b51a0739a886c5529d49dcd37f6110e909af32e158741022b05f742535859b147fd1a2abfac23d9be7c048cb0
-
SSDEEP
49152:20PF9KvY5EloSNBjNdkHfsiUD/Y6ohiqgDWfkqS/kfJTuTQlvjeQlzA5WBcShauh:20PSv+B6ohikf0/2lviosWhharV1/
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cb32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1496 cb32.exe 1496 cb32.exe -
Suspicious use of FindShellTrayWindow 53 IoCs
pid Process 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe -
Suspicious use of SendNotifyMessage 53 IoCs
pid Process 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe 1496 cb32.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1496 cb32.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\CoinBase Checker\CoinBase Checker\sync\cb32.exe"C:\Users\Admin\AppData\Local\Temp\CoinBase Checker\CoinBase Checker\sync\cb32.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1496