
Resubmissions

28/07/2024, 01:07

240728-bgph8aygjp 7

Analysis

  • max time kernel
    66s
  • max time network
    79s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/07/2024, 01:07

General

  • Target

    Bloxstrap.exe

  • Size

    10.3MB

  • MD5

    ad8f7c62a4e70a5c0fdc57ae7b8a87c5

  • SHA1

    7275528f291ab3c3dd24e25e4dee0c7446e9b7c6

  • SHA256

    3cc8f7a93dc2fc176955af0d0b204f7c7323f767e99ed43a804547e2d5abd24b

  • SHA512

    23d669bdd78b3be8fba23ac02fad4de21dd0a03cd88bca344258d17af8f602e1fe3bbc2dce377e10b3319651346bf545b82ecdc7cd0ad507784223b282c4d26b

  • SSDEEP

    98304:xvd5Dsd5DkbTsed5D8+Da65vGWD35RGOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrz:xXspAvGURGObAbN0Q

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bloxstrap.exe
    "C:\Users\Admin\AppData\Local\Temp\Bloxstrap.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2676
    • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
      2⤵
        PID:5884
        • C:\Program Files (x86)\Microsoft\Temp\EU5A1C.tmp\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\Temp\EU5A1C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
          3⤵
            PID:4864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

    Filesize
    1.5MB

    MD5
    610b1b60dc8729bad759c92f82ee2804

    SHA1
    9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

    SHA256
    921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

    SHA512
    0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

  • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

    Filesize
    581KB

    MD5
    5cd490ccc1b6540f7e8e6b9d82d081d9

    SHA1
    71fd67f9c5865b928f79934d6178595d940a98b4

    SHA256
    2d14e46a5e4f2f0e6fe1efa0a4582d5d31a7d125c419e7e09df358131161eca2

    SHA512
    e7e38946286d8e2a6f9b4a28869f6cf550a7eb0bd9a1dd01cea30034b0de17ba8167e1aa3122da345ecfe8e2bfbfe98f550b1f609e936f5fa8dacbd6ab0772f2

  • memory/2676-0-0x00007FFB22C7B000-0x00007FFB22C7C000-memory.dmp

    Filesize
    4KB

  • memory/2676-3-0x00007FFB22C7B000-0x00007FFB22C7C000-memory.dmp

    Filesize
    4KB