Resubmissions

30/12/2024, 00:00

241230-aagpcs1lgt 10

29/12/2024, 23:59

241229-31rw8s1lhm 10

25/12/2024, 13:51

241225-q5yjcsvjcw 10

Analysis

  • max time kernel
    719s
  • max time network
    728s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2024, 00:00

General

  • Target

    Bootstrapper1.55.exe

  • Size

    76.4MB

  • MD5

    2c8781fb8af16e9646c0fc2ce303a699

  • SHA1

    1444b640655d1e5494ca486d0333cff86aa1e3d6

  • SHA256

    f110a7d8c7f741474e6b6cfdb33aba02a2de58280dbd92f7c118a780d9eabceb

  • SHA512

    ad34362c042ecb00a5804c1dab0b55627726596d38ae09ab1d84c6321b6028f2f52c284943bbd2903549586d07221be44a4123bbb2c7890b1bc985baf13e5f2d

  • SSDEEP

    1572864:v8VlOWyomcSk8IpG7V+VPhqSvE7WxylKN0iY4MHHLeqPNLtD5zq3BxZpW9ryN:vKYromcSkB05awStxyMZMHVLt1zq3juE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2776
  • C:\Users\Admin\AppData\Local\Temp\Bootstrapper1.55.exe
    "C:\Users\Admin\AppData\Local\Temp\Bootstrapper1.55.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\Bootstrapper1.55.exe
      "C:\Users\Admin\AppData\Local\Temp\Bootstrapper1.55.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2620
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2788
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x490
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-localization-l1-2-0.dll

      Filesize

      14KB

      MD5

      39475799bfaee65894f94a0f15d0d1fb

      SHA1

      f7a4e3dc3fb5133c53be4f1b7f1956d85f6f392e

      SHA256

      2d9f380091506eb22f0e92c68f6d8641c06fa92f733494fee9836fd748a294d5

      SHA512

      7156d60ee067f99d21c9d88883c90e8c83d75729807cdd77a37d74d6b15a8224d93189c1283c8756ef18a965bb8a11ad2da84bb6fe8acbffb83503fe6b5355a1

    • C:\Users\Admin\AppData\Local\Temp\_MEI29082\python310.dll

      Filesize

      1.4MB

      MD5

      178a0f45fde7db40c238f1340a0c0ec0

      SHA1

      dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

      SHA256

      9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

      SHA512

      4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

    • C:\Users\Admin\AppData\Local\Temp\_MEI29082\ucrtbase.dll

      Filesize

      961KB

      MD5

      2381e189321ead521ff71e72d08a6b17

      SHA1

      0db7fea07b4bc14f0f9d71ecfa6ddf3097229875

      SHA256

      4918f2e631ef1ae34c7863fa4f3bd7663b2fdf0fa160c0de507ed343484ac806

      SHA512

      2d51d1de627deb852d5ce48315654dfb34115ea9f546f640bb2304cd763d4576eadff5cd7fd184a9b17bac8bf37309a0409034d6303662edfa1a6db69366b9e5

    • \Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l1-2-0.dll

      Filesize

      11KB

      MD5

      d0842ac13c33e2287d8adfb16bc83e7a

      SHA1

      68cfd86a437bd755c2f06e59fd2ba87026d9bec1

      SHA256

      79f0ccfec37c99a53fa333c95adf94420765366d040eea78a76c545c89708ff6

      SHA512

      88a5e680ed5e42452d0b7f638327bc38e88af835ada391a11c44c43faebee040d9d30227dba12231ed4ffa0c8fd3cb461f5a682d48e40a9c29ec410f069ca346

    • \Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l2-1-0.dll

      Filesize

      11KB

      MD5

      f12c1674574b16ddc17f4ccf68955e59

      SHA1

      0c7d9b8b504a3ddc53c0b8e4066c8d829e65ae55

      SHA256

      a88202b5b8e62edeafb536af25580b2b1a437860d86cd5d8a6fba3c89b46acd6

      SHA512

      084776cb0c9e7e3708cd67bd2e075bd6878a13ec0dd70f46abb7532e7153ddc4c5afbcbbd477a62432bef0e1381e06a16f951f7c701b1c6eadec93514834bb39

    • \Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-processthreads-l1-1-1.dll

      Filesize

      12KB

      MD5

      915f1c029d8b51ce579fe6f5330a77ca

      SHA1

      1629e4611e444fcc2514c522e6ac626860f370a5

      SHA256

      8065d56d1442de48a43b98fec8a9788ee144d997604180629ce303ee9ba53d8e

      SHA512

      e0d6900b9d8bd496d41c8cc538054e39e20caca88b8c54b52a2ebc7f01b104db25d9fe2d5fc2b269040cf75ad1c35759d7930be874f034191d03e0dd458e3235

    • \Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-timezone-l1-1-0.dll

      Filesize

      12KB

      MD5

      7b2caafbe6b2c3d6cbf232610dccc034

      SHA1

      ed3f3cb464c779f224729c62ed2a4318f8d0aefc

      SHA256

      ba0afa1fadd4429693538aa2e85230edccc2e481f80b89666907d108d31bed8c

      SHA512

      e32c3b6f31c9fe31381884ae683178bffaca4a88f030335a4502de42432cc014337f5ac2c2ecb726afea15ca3f4c52c26d4024abed1a4187c4773b8c6ff73977

    • memory/2620-1319-0x000007FEF6B20000-0x000007FEF6F8E000-memory.dmp

      Filesize

      4.4MB

    • memory/2620-1320-0x000007FEF6B20000-0x000007FEF6F8E000-memory.dmp

      Filesize

      4.4MB