Analysis
- max time kernel: 30s
- max time network: 27s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20241023-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 28/10/2024, 17:19
Behavioral task
- behavioral1
  Sample: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6.dll
  Resource: win10ltsc2021-20241023-en
General
- Target: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6.dll
- Size: 155KB
- MD5: 59b7b8d29252a9128536fbd08d24375f
- SHA1: 7221b9125608a54f9dd706166f936c16ee23164a
- SHA256: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6
- SHA512: 70431e0bf3759194cd50f6b567f6de7c908d13a444d14e7b35edf10fd88f16e6fe8bf0899307c7215f1ee80ff8e5909211864f4184053d9fa5bf9ec22b1d9cd4
- SSDEEP: 3072:0lCt2jrijQEjnMUWzsjhVPbuGHUluQj6vkZD4vP5iZWyPr:QCIrijNMv6XPbr0kulr
Malware Config
Extracted: warmcookie
- 72.5.43.29
- mutex: 7d0cec31-c3bc-4593-ad4a-8c140904383e
- user_agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)
Signatures
- Warmcookie family
- Warmcookie, Badspace
  Warmcookie aka Badspace is a backdoor written in C++.
- Blocklisted process makes network request (1 IoCs)
  flow 7, pid 1748, rundll32.exe
- Loads dropped DLL (1 IoCs)
  pid 1748, rundll32.exe
- Drops file in System32 directory (3 IoCs)
  File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\DH0WTCOM.htm (rundll32.exe)
  File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\PCTM5MW3.htm (rundll32.exe)
  File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AL5GJO5O.htm (rundll32.exe)
- Drops file in Windows directory (1 IoCs)
  File created: C:\Windows\Tasks\Zagaran Software.job (regsvr32.exe)
- Modifies data under HKEY_USERS (3 IoCs)
  Set value (str): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix (rundll32.exe)
  Set value (str): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" (rundll32.exe)
  Set value (str): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" (rundll32.exe)
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6.dll
  - Drops file in Windows directory
  PID: 2704
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\ProgramData\Zagaran Software\Updater.dll",Start /u
  - Blocklisted process makes network request
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID: 1748
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 155KB
  MD5: 59b7b8d29252a9128536fbd08d24375f
  SHA1: 7221b9125608a54f9dd706166f936c16ee23164a
  SHA256: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6
  SHA512: 70431e0bf3759194cd50f6b567f6de7c908d13a444d14e7b35edf10fd88f16e6fe8bf0899307c7215f1ee80ff8e5909211864f4184053d9fa5bf9ec22b1d9cd4