Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

bazaar.202...ge.exe

windows7-x64

3

bazaar.202...ge.exe

windows11-21h2-x64

1

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows11-21h2-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows11-21h2-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows11-21h2-x64

10

Resubmissions

15/09/2024, 22:00

240915-1wpj7svapc 10

15/09/2024, 21:56

240915-1tbwbsthne 10

20/08/2024, 13:49

240820-q4v2vayfmp 10

Analysis

  • max time kernel
    1197s
  • max time network
    841s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe

  • Size

    16KB

  • MD5

    fc8f4e31d85e796c1efe9b0fabeed23a

  • SHA1

    e15233a69c32761d8ad0e293ce1ed2e1162d5647

  • SHA256

    c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096

  • SHA512

    36e40d94711c82fb1669e3143d63833a3f7ad1b0ea8dae00287cbcdfd154135a3d7042702e4900193d0dcae94b0d03f7b6a9fb545e20c709fd4fb4a1cae95351

  • SSDEEP

    384:sxF6Mj9VnRq2Rj9oM+bYO+4kr9oDPlMNcLlb5sVKdyS5Ct:sxF6Mj9V5bDclMNE9o

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.Revenge.exe
    "C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.Revenge.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1720
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2396
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74b795b1738c52e7f30b3062e6bda45c

      SHA1

      7a4ac08b5cb5afd8aee21c1e2c6d4f46c752613a

      SHA256

      94fc99f94578b144fede514f77f54c526b6fad56fcdd9acba44d23019599dc9a

      SHA512

      613c27f73e5b4f88ab18bbd150598f39f2fa4dcc546a0c084036b1145c0680c8ffc7a864abc0a266adda04a8100d4289c2497e228acd01814fd15d8db3bf3953

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4305880ae714b53d6f00ee2e41543c5

      SHA1

      0fa8f896ea13c70438f502a73eacdfbe43e2148a

      SHA256

      fbb2287e1ca6598e094f3e1aa5ccd26d82dac568d946702c2a06ad6a6ee84b7c

      SHA512

      dc71698a1cf366061d93b32839d3c22ec509d01c6e346cce3ae8ed7cbe5390e7af4f44b54f93936860afd6b217340e178217a9b6a381a83e438f2e20a30ac89b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c14f227f3ffc2871771c1f991fc3b7e0

      SHA1

      2e8465977256bccc1a0f21d7de614ed920a312d5

      SHA256

      54e5c9f0a1e5e86fd9797df7ee816d72a246f2b22c8a6c3ae14f4727f8daa007

      SHA512

      2ded931c168ff55c0878891f90c6cea313f9dc771be0f9a2fb1a23c3d38ed301f585a334bfa4445da92909234b911d171acf1a9836e5dbd98ec111c7bb1e9578

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd556ccae8deef1118111649c561c06b

      SHA1

      49091c22dbaced5aadd286e03c5df2a4c71c27a3

      SHA256

      2004c879bf16ea04b2065b2d81f081f5d8b00f3bb9c923080d2ec5ff20d634bf

      SHA512

      9885a8d61be79bd7ad8f2c0de1ccdf77efbbd0c175e644f6375d034e4a4c8ab79564171feed5e3e6e26dd7882470595364b9f21615bff6307a31cec280e4f937

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7380655609864de4a1a98fde17dbf172

      SHA1

      480e3d59b438c7af59d45ed8a53b7e2a2ac20df1

      SHA256

      721dfc5d05bb76c5922279412570cb8db4c83646c1ec722b97468a7ff841ec8c

      SHA512

      c20a38babf1631ad7408317a0081b97b82a570f93e36974731506b8a2c69c0bd19fb4bbe86190b9c101b047ffd245be15452581a1072284787d658abe5d42e77

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      769ecd4493a515e1560d369354e9884e

      SHA1

      efbf8a666ab7226f52a882685095d5e51ba3e9f8

      SHA256

      8413e59fea08764bde670c962aa498a05cb39266961c3831248791f9923a7b2a

      SHA512

      02475440f64205801eb2f7cf0f05e22b09b10960b1bf10b084274e057dce974f6f31567efb185f923780022b5dc9dead02a66aed833c19008eb62ff104addd6c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e33f3eab01cda361812560906117034b

      SHA1

      f46fcf40a2c801466cd41e01e704c9ff1f340c32

      SHA256

      c14114aa614eb518042e6df0ecc1b7010408cf20c2ea73ea0a4b27271a242371

      SHA512

      4b25e399599801824f165bdf9bc39b4a0eb7d0db9a3e0fea4c3a30503f82e51f03d7f8c8db389b1fe9ee5fa93865fbb57a0dcc83b53aefdc541ba1b9da792004

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b77a770db30e32dbac7506fc2ebafc1

      SHA1

      fbb46a8686239fb9f7983b9d0405c5cc8a965316

      SHA256

      dadb1c7dadf4f1a0a08256a22d22924bc6f387c19f5ff03e0a90682f15aee693

      SHA512

      21a3223d727acabed7db572f1799141d620bc12e9803c55497f9681d2128d8054de68e9504eb920671632b6db4ede5ea56ca888f38f790ee84d9b2ac001fa6d9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8ba7d03b797f110496d5f66e77a5d0e1

      SHA1

      cf14956f18795fd8bbcc4762d0a88a62472f4c49

      SHA256

      3de9fb32f429d7ff904d49d6a7c41e66220ebcb6adc38640b05327a51dcea7b1

      SHA512

      dcb32b6a542f255c41b63c07f3abcc4b670857429474a30ef18c666888dae9b0742e19293a75f5563f838ef17a7102cdb27565c035feb9888c7479b6e455dfed

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6099.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar6158.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF3406AB9D75767DBE.TMP
      Filesize

      16KB

      MD5

      9041488ac23fb863e24470e89f576348

      SHA1

      135dc2eb469ebd194c031fff749fccde46fd3bb4

      SHA256

      be3556703af6a95cc94042019724714285d93d35d590e14dfece46bbe4c16ced

      SHA512

      7b8d962ffeebe25959b520e30756a99346b3ecfe6da409ebcafa9697bd3c7fd30133b45b420f3e5f38e20621ab2a82ac1943825123ac3a76110b10c1469eeaa0

      Download Submit

    • memory/1720-0-0x000007FEF53FE000-0x000007FEF53FF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1720-5-0x000007FEF5140000-0x000007FEF5ADD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1720-4-0x000007FEF53FE000-0x000007FEF53FF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1720-3-0x000007FEF5140000-0x000007FEF5ADD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1720-2-0x000007FEF5140000-0x000007FEF5ADD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1720-1-0x000007FEF5140000-0x000007FEF5ADD000-memory.dmp

      Filesize

      9.6MB

      Download