Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10bca3772529...45.exe
windows7-x64
10bca3772529...45.exe
windows10-2004-x64
10bccb34575f...72.exe
windows7-x64
10bccb34575f...72.exe
windows10-2004-x64
10bcf1af9a5a...be.exe
windows7-x64
10bcf1af9a5a...be.exe
windows10-2004-x64
8bcf783e363...97.exe
windows7-x64
3bcf783e363...97.exe
windows10-2004-x64
3bd515574dc...8c.exe
windows7-x64
1bd515574dc...8c.exe
windows10-2004-x64
1bd68ca7605...39.exe
windows7-x64
10bd68ca7605...39.exe
windows10-2004-x64
10bd707a0357...e3.exe
windows7-x64
9bd707a0357...e3.exe
windows10-2004-x64
9bd7edfedeb...0b.exe
windows7-x64
10bd7edfedeb...0b.exe
windows10-2004-x64
10bdad1ff46d...f2.exe
windows7-x64
10bdad1ff46d...f2.exe
windows10-2004-x64
10bdae9ff159...df.exe
windows7-x64
10bdae9ff159...df.exe
windows10-2004-x64
10be01d2552c...1c.exe
windows7-x64
10be01d2552c...1c.exe
windows10-2004-x64
10be077774c9...87.exe
windows7-x64
10be077774c9...87.exe
windows10-2004-x64
10be0a8aeb7e...56.exe
windows7-x64
3be0a8aeb7e...56.exe
windows10-2004-x64
3be1643898c...f5.exe
windows7-x64
7be1643898c...f5.exe
windows10-2004-x64
10be183db6d4...94.exe
windows7-x64
10be183db6d4...94.exe
windows10-2004-x64
10be2375e810...94.exe
windows7-x64
10be2375e810...94.exe
windows10-2004-x64
10Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22/03/2025, 06:15
Behavioral task
behavioral1
Sample
bca3772529d1a336233bb4e59a704d5217e6e1f7b80222d2d028bfc816cb5445.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bca3772529d1a336233bb4e59a704d5217e6e1f7b80222d2d028bfc816cb5445.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
bccb34575fb2db34d4a29075cb2f9aa39904b7d5412695545f2240c00fbb0472.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
bccb34575fb2db34d4a29075cb2f9aa39904b7d5412695545f2240c00fbb0472.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral5
Sample
bcf1af9a5a93ae74ea1c79da9951c5be.exe
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
bcf1af9a5a93ae74ea1c79da9951c5be.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral7
Sample
bcf783e363557f5bdd4014c159ae2497.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
bcf783e363557f5bdd4014c159ae2497.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral9
Sample
bd515574dc1cb379674710f110e907d8cd72a5e4c5eb90d464fbee847b71718c.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
bd515574dc1cb379674710f110e907d8cd72a5e4c5eb90d464fbee847b71718c.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral11
Sample
bd68ca7605316450c87b9218d2dbe19d8c5694e07b93f320f3ca4a9ad902c139.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
bd68ca7605316450c87b9218d2dbe19d8c5694e07b93f320f3ca4a9ad902c139.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral13
Sample
bd707a0357b19ea6953d47900bb051e3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
bd707a0357b19ea6953d47900bb051e3.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral15
Sample
bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe
Resource
win7-20250207-en
Behavioral task
behavioral16
Sample
bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral17
Sample
bdad1ff46d46963cc687d5f6889c9ef2.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
bdad1ff46d46963cc687d5f6889c9ef2.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral19
Sample
bdae9ff15952ccdfec0be80562f1cbdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
bdae9ff15952ccdfec0be80562f1cbdf.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral21
Sample
be01d2552c64422f1b97721af2e07451309244c21e464bbe47b603043d95b21c.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
be01d2552c64422f1b97721af2e07451309244c21e464bbe47b603043d95b21c.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral23
Sample
be077774c9e78bbe8c9388aa7d552de77e9ef40ec732ea193da049a0db2e5787.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
be077774c9e78bbe8c9388aa7d552de77e9ef40ec732ea193da049a0db2e5787.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral25
Sample
be0a8aeb7e1655bee6255bac9c2947ecef511b5f00e29933dfd9c7f39965bf56.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
be0a8aeb7e1655bee6255bac9c2947ecef511b5f00e29933dfd9c7f39965bf56.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral27
Sample
be1643898cf51a24e38e4044d24ae1f5.exe
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
be1643898cf51a24e38e4044d24ae1f5.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral29
Sample
be183db6d4b77c092496c69c3f389b94.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
be183db6d4b77c092496c69c3f389b94.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral31
Sample
be2375e810af4d76a0fc392d8acf2d1218cd2c21a6b8160be7f1f30ef7cf4694.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
be2375e810af4d76a0fc392d8acf2d1218cd2c21a6b8160be7f1f30ef7cf4694.exe
Resource
win10v2004-20250314-en
General
-
Target
bd707a0357b19ea6953d47900bb051e3.exe
-
Size
9.0MB
-
MD5
bd707a0357b19ea6953d47900bb051e3
-
SHA1
8beefca61bdb6d8086bd6f3e16d86eab575138a2
-
SHA256
979c2c3e2496830b8778123e349c9b00168ffef73fbc0f7e53ff110147f9be6c
-
SHA512
4e458c7b4e6ca8e77c783ea92ca511816fed9b7525c0805982b0350e7713210afcc11e6004005200192172ab65ab2eb115a5eba4f60e448bfea1d38cf9bbf718
-
SSDEEP
196608:jxSZrxSZExSZfU+2at3DS7sJav43YmOZdqUJ9quict4zvv0uP:jxSZrxSZExSZfU+2aJDSgJnmqukY4zHN
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions bd707a0357b19ea6953d47900bb051e3.exe -
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools bd707a0357b19ea6953d47900bb051e3.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion bd707a0357b19ea6953d47900bb051e3.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion bd707a0357b19ea6953d47900bb051e3.exe -
Executes dropped EXE 1 IoCs
pid Process 2244 bd707a0357b19ea6953d47900bb051e3.exe -
Loads dropped DLL 1 IoCs
pid Process 2408 cmd.exe -
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 bd707a0357b19ea6953d47900bb051e3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum bd707a0357b19ea6953d47900bb051e3.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 1 IoCs
pid Process 2084 timeout.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2916 bd707a0357b19ea6953d47900bb051e3.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2916 bd707a0357b19ea6953d47900bb051e3.exe -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 2916 wrote to memory of 2408 2916 bd707a0357b19ea6953d47900bb051e3.exe 29 PID 2916 wrote to memory of 2408 2916 bd707a0357b19ea6953d47900bb051e3.exe 29 PID 2916 wrote to memory of 2408 2916 bd707a0357b19ea6953d47900bb051e3.exe 29 PID 2408 wrote to memory of 2084 2408 cmd.exe 31 PID 2408 wrote to memory of 2084 2408 cmd.exe 31 PID 2408 wrote to memory of 2084 2408 cmd.exe 31 PID 2408 wrote to memory of 2244 2408 cmd.exe 32 PID 2408 wrote to memory of 2244 2408 cmd.exe 32 PID 2408 wrote to memory of 2244 2408 cmd.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2916 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe.bat" "2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2408 -
C:\Windows\system32\timeout.exetimeout /t 1 /nobreak3⤵
- Delays execution with timeout.exe
PID:2084
-
-
C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe" relaunch3⤵
- Executes dropped EXE
PID:2244
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
399B
MD518f7e01be92f7674eb444b559e1e0696
SHA1f5eeb0adc69bddebadab8928f13a54fd13fe5c86
SHA256ee7d2a9beaf743a23e22d7d0442389ed861e6100e8409085aab6979e5acb21c9
SHA51255ec9320d26282b2646a3e84a365876a5a1b6db70d5ebbbf0d69daf597b41093020e09d7db8663b50333be50ae87542c55b6c96aba635e8a6c40e1ce60a9d3fc
-
Filesize
9.2MB
MD5c24ff340e48d178d624057668f394940
SHA18527e0b22692f1c0b2cc75e523138b99ca3ea5c5
SHA2560e1dcc12b1109ce83894fcaa99e62cb16475169566a4079c6582ba4f4ff0214c
SHA512fb7960aad36f3d68780771ef85a68af8093ca4789737e1de11627b08936fc3121b2652df2e0b587fb85fe5daa18d50a8484993cd249ac088f2d0f5ff9579498f