Resubmissions

17/10/2024, 13:57

241017-q9mbwszfke 5

17/10/2024, 13:53

241017-q69ysatcmj 3

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/10/2024, 13:53

General

  • Target

    gamebanned_2024_v1.zip

  • Size

    1.0MB

  • MD5

    f2f76c61e29007097869ada2ad9812dd

  • SHA1

    8921cead68fa88bbd30b58f28f79f081120bf1fd

  • SHA256

    7ba8dd69197379fc2fba05be5f2f20ef9ca7749d6c1bdcd2ba9d5de6e7598a20

  • SHA512

    8e1abc2204c6dc521129fec4f5f6c069e24b170223fb4f52b59dfa86604763e22daa297ad3be243b16c005a59722d82023b8d7aae763ee55eb7fb89d7036fac3

  • SSDEEP

    12288:TN9ZojhZExKZ0bnS9nAwuTPlubMoY+8U6XklFSlZfbRKQwOHGqbCYZdMYS3ETJxM:LZ8jWbSvAoT8elF+dLGqbCYYYSSxtgt

Score
1/10

Malware Config

Signatures

  • Modifies registry class 15 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\gamebanned_2024_v1.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2028
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3980
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4400
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\gamebanned_2024_v1\Hurtworld\bking"
      1⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1376
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO065FFB78\version.txt
        2⤵
        • Opens file in notepad (likely ransom note)
        PID:2676
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3384
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO06506C88\.text
        2⤵
        PID:4092

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO06506C88\.text

    Filesize

    159KB

    MD5

    7da6fccac94d51c3c6cd1dc9f9374cc1

    SHA1

    464c509231b5614ddbb46e70dc0f3d9980623e48

    SHA256

    4545eb7cba34da1ad8d0216a82719f9165d2a01051a5de4cce8ab04651163201

    SHA512

    b58f124b0363317dfbc2fef28953a7cbc1c434158816a901ee6984538d2a19a099b81a2da89ff490e9a4c1c1f81f7ae1715026eb048d5726d105fb8ec6c8e776

  • C:\Users\Admin\AppData\Local\Temp\7zO065FFB78\version.txt

    Filesize

    1KB

    MD5

    2b0b45af2b7b5567bf690dfa3b24fd19

    SHA1

    9a77af072c625b602786603070aba012f1feb2b9

    SHA256

    30cfcbebd15c2cb75cb7085fd00a770d048943fa9b8fad89338eda7cc3a95f08

    SHA512

    03409f27de3f0fc9d5152d59789292225d9dfcc899fdd26259899870d9f1a0f3ae43394d98b7037d6144292451802355c11a1589af05291c4034e343a64073b2

  • C:\Users\Admin\Desktop\gamebanned_2024_v1\Hurtworld\bking

    Filesize

    161KB

    MD5

    d4b00a911426084f614dfaeef71827f4

    SHA1

    69dc34efa9651221422bb367881e01073cf1a869

    SHA256

    449534a580989e797da5fced3a6a7f4c6981a2199b024b80e2136e8a8e2e97e1

    SHA512

    b69e76d0c9d2e740301f1a3c23529534f74ff062430e1191854a0bfdd5cf8eb7550f06887d5e62a6214fe47342149e168a1a2e095788f25e30ab122ae4ef0362