Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

gamebanned...v1.zip

windows7-x64

1

gamebanned...v1.zip

windows10-2004-x64

5

gamebanned...rp.dll

windows7-x64

1

gamebanned...rp.dll

windows10-2004-x64

1

gamebanned...ng.dll

windows7-x64

1

gamebanned...ng.dll

windows10-2004-x64

1

Resubmissions

17/10/2024, 13:57

241017-q9mbwszfke 5

17/10/2024, 13:53

241017-q69ysatcmj 3

Analysis

  • max time kernel
    432s
  • max time network
    433s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/10/2024, 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gamebanned_2024_v1.zip

  • Size

    1.0MB

  • MD5

    f2f76c61e29007097869ada2ad9812dd

  • SHA1

    8921cead68fa88bbd30b58f28f79f081120bf1fd

  • SHA256

    7ba8dd69197379fc2fba05be5f2f20ef9ca7749d6c1bdcd2ba9d5de6e7598a20

  • SHA512

    8e1abc2204c6dc521129fec4f5f6c069e24b170223fb4f52b59dfa86604763e22daa297ad3be243b16c005a59722d82023b8d7aae763ee55eb7fb89d7036fac3

  • SSDEEP

    12288:TN9ZojhZExKZ0bnS9nAwuTPlubMoY+8U6XklFSlZfbRKQwOHGqbCYZdMYS3ETJxM:LZ8jWbSvAoT8elF+dLGqbCYYYSSxtgt

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 11 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\gamebanned_2024_v1.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5116
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4056
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4488
  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ShowExit.jpg" /ForceBootstrapPaint3D
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3544
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
    1⤵
    • Drops file in System32 directory
    PID:3636
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1628
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\CloseWatch.dot"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4816
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3280
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Assembly-CSharp.dll
      2⤵
        PID:2164

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
      Filesize

      347B

      MD5

      fc5d61814e5efe846e6620775a026e43

      SHA1

      aa350323c5090ba67531d571e6c831ac76d8c69b

      SHA256

      a6c5818c4bf816cb23cd9b7e07c239e352e19efbd2a5bed2b8bfa6aaa3fb121c

      SHA512

      e40f4b9e3bf02f80ad859d2f7ec2f4c2f02a5ea2c3350b22aa01a26be963414a394f2c658797bfcef30815be4ebe2eec4cfda0f381b51148a2b61429b5ab30c7

      Download Submit

    • C:\Users\Admin\Desktop\Assembly-CSharp.dll
      Filesize

      2.7MB

      MD5

      78c278a6954af7b2892e4da62d90ecd7

      SHA1

      b591429f9ce96283f91e00349cb6731bc0ac4d9e

      SHA256

      cb8b43a421926fbbb212295e197daf21cfd0003ee3ba18042e4d380183b434a9

      SHA512

      5c7405e9757edd92dfd625c7ef70545b418e3915294b18fe41d9cfb5820be5ce5a82b9e0709fff81e0e04080c7072082b7c937af00496b50f00277197e129db5

      Download Submit

    • memory/3636-2-0x000001E0D1590000-0x000001E0D15A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3636-13-0x000001E0DA120000-0x000001E0DA121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-15-0x000001E0DA1A0000-0x000001E0DA1A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-17-0x000001E0DA1A0000-0x000001E0DA1A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-18-0x000001E0DA230000-0x000001E0DA231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-19-0x000001E0DA230000-0x000001E0DA231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-20-0x000001E0DA240000-0x000001E0DA241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-21-0x000001E0DA240000-0x000001E0DA241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-6-0x000001E0D1E60000-0x000001E0D1E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-25-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-26-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-27-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-28-0x00007FF8DD420000-0x00007FF8DD430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-29-0x00007FF8DD420000-0x00007FF8DD430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-24-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-76-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-78-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-79-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-77-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4816-23-0x00007FF8DFBD0000-0x00007FF8DFBE0000-memory.dmp

      Filesize

      64KB

      Download