Analysis

- max time kernel: 31s
- max time network: 35s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 10/08/2024, 01:25
Tasks

Static task: static1

Behavioral task   Sample         Resource
behavioral1       boostbot.rar   win7-20240704-en
behavioral2       boostbot.rar   win10v2004-20240802-en
behavioral3       OpenMe.exe     win7-20240729-en
behavioral4       OpenMe.exe     win10v2004-20240802-en
behavioral5       boostbot.exe   win7-20240729-en
behavioral6       boostbot.exe   win10v2004-20240802-en
behavioral7       libcurl.dll    win7-20240705-en
behavioral8       libcurl.dll    win10v2004-20240802-en
behavioral9       zlib1.dll      win7-20240704-en
behavioral10      zlib1.dll      win10v2004-20240802-en
General

- Target: OpenMe.exe
- Size: 21.3MB
- MD5: 6846908b223e58f24f7e224d9d402225
- SHA1: 7fde424cacf6c5766db7d24dc5e03ecfd2898d15
- SHA256: 55d8eee45262b53bef2f2391a01b723e019b95e87145d32fb18fce3eb9063cfd
- SHA512: 156436f2e45b7e01d5cc52ef283ae155f694fdc1babdf06f77a1c0e43532ec2d436e30a520cf05817804b99525fcc349af6d37b8800e207485001bff7ed2b0ae
- SSDEEP: 393216:2itMU6rX/ULYPDFYN4OgVKikmWekMIqS3r+6qhFsbo:2icX/Uo5YN4OakmWekMKr+6cqbo
Malware Config

Signatures

- Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid    Process
  2556   OpenMe.exe
  2556   OpenMe.exe

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid    Process
  2556   OpenMe.exe
  2556   OpenMe.exe

- Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid    Process      procid_target
  PID 2556 wrote to memory of 2292     2556   OpenMe.exe   30
  PID 2556 wrote to memory of 2292     2556   OpenMe.exe   30
  PID 2556 wrote to memory of 2292     2556   OpenMe.exe   30
  PID 2556 wrote to memory of 2292     2556   OpenMe.exe   30
Processes

- C:\Users\Admin\AppData\Local\Temp\OpenMe.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\OpenMe.exe"
  PID: 2556
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  - C:\Users\Admin\AppData\Local\Temp\boostbot.exe (child of PID 2556)
    Command line: "C:\Users\Admin\AppData\Local\Temp\boostbot.exe"
    PID: 2292