Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Survivalcr...VD.zip

windows10-ltsc 2021-x64

7

Content.zip

windows10-ltsc 2021-x64

1

Engine.pdb

windows10-ltsc 2021-x64

3

EntitySystem.dll

windows10-ltsc 2021-x64

1

EntitySyst...config

windows10-ltsc 2021-x64

3

EntitySystem.pdb

windows10-ltsc 2021-x64

3

LiteNetLib.dll

windows10-ltsc 2021-x64

1

LiteNetLib.pdb

windows10-ltsc 2021-x64

3

LiteNetLib.xml

windows10-ltsc 2021-x64

3

MessagePac...ns.dll

windows10-ltsc 2021-x64

1

MessagePac...ns.xml

windows10-ltsc 2021-x64

3

MessagePack.dll

windows10-ltsc 2021-x64

1

MessagePack.xml

windows10-ltsc 2021-x64

3

Microsoft....es.dll

windows10-ltsc 2021-x64

1

Microsoft....es.xml

windows10-ltsc 2021-x64

3

Microsoft....ls.dll

windows10-ltsc 2021-x64

1

Microsoft....ls.pdb

windows10-ltsc 2021-x64

3

Microsoft....ls.xml

windows10-ltsc 2021-x64

3

Newtonsoft.Json.dll

windows10-ltsc 2021-x64

1

Newtonsoft.Json.xml

windows10-ltsc 2021-x64

3

OpenAL/x64...32.dll

windows10-ltsc 2021-x64

10

OpenAL/x86...32.dll

windows10-ltsc 2021-x64

3

OpenTK.dll

windows10-ltsc 2021-x64

1

OpenTK.dll.config

windows10-ltsc 2021-x64

3

Survivalcraft.exe

windows10-ltsc 2021-x64

10

Survivalcr...config

windows10-ltsc 2021-x64

3

System.Buffers.dll

windows10-ltsc 2021-x64

1

System.Col...le.dll

windows10-ltsc 2021-x64

1

System.Memory.dll

windows10-ltsc 2021-x64

1

System.Num...rs.dll

windows10-ltsc 2021-x64

1

System.Run...fe.dll

windows10-ltsc 2021-x64

1

System.Thr...ns.dll

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    102s
  • max time network
    209s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    06/01/2025, 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Survivalcraft.exe

  • Size

    2.1MB

  • MD5

    6d08234db22fc3c62b23e08f28a71ffd

  • SHA1

    d2eb49802a4247739763e106413e06b3e8c8a43e

  • SHA256

    857a6fc48daa936120537557458f6417b433dd18f11d4e749943c45732b86cbc

  • SHA512

    9ce6cb8145191000797b2894ab1f1a7a1a595e45c32dbfc0e5e1a803cfb194aadf661cc9b5dd116f47f82a8d18d20a6be8764e9c2a275b4b4290d8446bd13ff3

  • SSDEEP

    24576:23PoTvLEjxMdgsiH79MgGPPc464eXD2AUyQW1qrucuMwuNnoqdOqjfRv01sHQb2V:i6v3Jc2J9HK68kdlT

Score
10/10
warmcookiebackdoor

Malware Config

Extracted

Family

warmcookie

Signatures

  • Warmcookie family
    warmcookie
  • Warmcookie, Badspace

    Warmcookie aka Badspace is a backdoor written in C++.

    backdoorwarmcookie
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Survivalcraft.exe
    "C:\Users\Admin\AppData\Local\Temp\Survivalcraft.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4696
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x494 0x2d0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4696-0-0x00007FFC07BE3000-0x00007FFC07BE5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4696-1-0x0000018CE1620000-0x0000018CE1840000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4696-2-0x0000018CFBE00000-0x0000018CFBE90000-memory.dmp

    Filesize

    576KB

    Download

  • memory/4696-3-0x0000018CFC370000-0x0000018CFC748000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/4696-4-0x00007FFC07BE0000-0x00007FFC086A2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4696-5-0x0000018CFBF20000-0x0000018CFBF36000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4696-6-0x0000018CFC320000-0x0000018CFC370000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4696-7-0x0000018CFE330000-0x0000018CFE3E2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4696-8-0x000000006B600000-0x000000006B65D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/4696-9-0x00007FFC07BE0000-0x00007FFC086A2000-memory.dmp

    Filesize

    10.8MB

    Download