Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10bca3772529...45.exe
windows7-x64
10bca3772529...45.exe
windows10-2004-x64
10bccb34575f...72.exe
windows7-x64
10bccb34575f...72.exe
windows10-2004-x64
10bcf1af9a5a...be.exe
windows7-x64
10bcf1af9a5a...be.exe
windows10-2004-x64
8bcf783e363...97.exe
windows7-x64
3bcf783e363...97.exe
windows10-2004-x64
3bd515574dc...8c.exe
windows7-x64
1bd515574dc...8c.exe
windows10-2004-x64
1bd68ca7605...39.exe
windows7-x64
10bd68ca7605...39.exe
windows10-2004-x64
10bd707a0357...e3.exe
windows7-x64
9bd707a0357...e3.exe
windows10-2004-x64
9bd7edfedeb...0b.exe
windows7-x64
10bd7edfedeb...0b.exe
windows10-2004-x64
10bdad1ff46d...f2.exe
windows7-x64
10bdad1ff46d...f2.exe
windows10-2004-x64
10bdae9ff159...df.exe
windows7-x64
10bdae9ff159...df.exe
windows10-2004-x64
10be01d2552c...1c.exe
windows7-x64
10be01d2552c...1c.exe
windows10-2004-x64
10be077774c9...87.exe
windows7-x64
10be077774c9...87.exe
windows10-2004-x64
10be0a8aeb7e...56.exe
windows7-x64
3be0a8aeb7e...56.exe
windows10-2004-x64
3be1643898c...f5.exe
windows7-x64
7be1643898c...f5.exe
windows10-2004-x64
10be183db6d4...94.exe
windows7-x64
10be183db6d4...94.exe
windows10-2004-x64
10be2375e810...94.exe
windows7-x64
10be2375e810...94.exe
windows10-2004-x64
10Analysis
-
max time kernel
137s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20250313-en -
resource tags
arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system -
submitted
22/03/2025, 06:15
Behavioral task
behavioral1
Sample
bca3772529d1a336233bb4e59a704d5217e6e1f7b80222d2d028bfc816cb5445.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bca3772529d1a336233bb4e59a704d5217e6e1f7b80222d2d028bfc816cb5445.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
bccb34575fb2db34d4a29075cb2f9aa39904b7d5412695545f2240c00fbb0472.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
bccb34575fb2db34d4a29075cb2f9aa39904b7d5412695545f2240c00fbb0472.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral5
Sample
bcf1af9a5a93ae74ea1c79da9951c5be.exe
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
bcf1af9a5a93ae74ea1c79da9951c5be.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral7
Sample
bcf783e363557f5bdd4014c159ae2497.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
bcf783e363557f5bdd4014c159ae2497.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral9
Sample
bd515574dc1cb379674710f110e907d8cd72a5e4c5eb90d464fbee847b71718c.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
bd515574dc1cb379674710f110e907d8cd72a5e4c5eb90d464fbee847b71718c.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral11
Sample
bd68ca7605316450c87b9218d2dbe19d8c5694e07b93f320f3ca4a9ad902c139.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
bd68ca7605316450c87b9218d2dbe19d8c5694e07b93f320f3ca4a9ad902c139.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral13
Sample
bd707a0357b19ea6953d47900bb051e3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
bd707a0357b19ea6953d47900bb051e3.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral15
Sample
bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe
Resource
win7-20250207-en
Behavioral task
behavioral16
Sample
bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral17
Sample
bdad1ff46d46963cc687d5f6889c9ef2.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
bdad1ff46d46963cc687d5f6889c9ef2.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral19
Sample
bdae9ff15952ccdfec0be80562f1cbdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
bdae9ff15952ccdfec0be80562f1cbdf.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral21
Sample
be01d2552c64422f1b97721af2e07451309244c21e464bbe47b603043d95b21c.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
be01d2552c64422f1b97721af2e07451309244c21e464bbe47b603043d95b21c.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral23
Sample
be077774c9e78bbe8c9388aa7d552de77e9ef40ec732ea193da049a0db2e5787.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
be077774c9e78bbe8c9388aa7d552de77e9ef40ec732ea193da049a0db2e5787.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral25
Sample
be0a8aeb7e1655bee6255bac9c2947ecef511b5f00e29933dfd9c7f39965bf56.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
be0a8aeb7e1655bee6255bac9c2947ecef511b5f00e29933dfd9c7f39965bf56.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral27
Sample
be1643898cf51a24e38e4044d24ae1f5.exe
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
be1643898cf51a24e38e4044d24ae1f5.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral29
Sample
be183db6d4b77c092496c69c3f389b94.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
be183db6d4b77c092496c69c3f389b94.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral31
Sample
be2375e810af4d76a0fc392d8acf2d1218cd2c21a6b8160be7f1f30ef7cf4694.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
be2375e810af4d76a0fc392d8acf2d1218cd2c21a6b8160be7f1f30ef7cf4694.exe
Resource
win10v2004-20250314-en
General
-
Target
bd707a0357b19ea6953d47900bb051e3.exe
-
Size
9.0MB
-
MD5
bd707a0357b19ea6953d47900bb051e3
-
SHA1
8beefca61bdb6d8086bd6f3e16d86eab575138a2
-
SHA256
979c2c3e2496830b8778123e349c9b00168ffef73fbc0f7e53ff110147f9be6c
-
SHA512
4e458c7b4e6ca8e77c783ea92ca511816fed9b7525c0805982b0350e7713210afcc11e6004005200192172ab65ab2eb115a5eba4f60e448bfea1d38cf9bbf718
-
SSDEEP
196608:jxSZrxSZExSZfU+2at3DS7sJav43YmOZdqUJ9quict4zvv0uP:jxSZrxSZExSZfU+2aJDSgJnmqukY4zHN
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions bd707a0357b19ea6953d47900bb051e3.exe -
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools bd707a0357b19ea6953d47900bb051e3.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion bd707a0357b19ea6953d47900bb051e3.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion bd707a0357b19ea6953d47900bb051e3.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\Control Panel\International\Geo\Nation bd707a0357b19ea6953d47900bb051e3.exe -
Executes dropped EXE 1 IoCs
pid Process 4784 bd707a0357b19ea6953d47900bb051e3.exe -
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum bd707a0357b19ea6953d47900bb051e3.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 bd707a0357b19ea6953d47900bb051e3.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 1 IoCs
pid Process 6136 timeout.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1560 bd707a0357b19ea6953d47900bb051e3.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1560 bd707a0357b19ea6953d47900bb051e3.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1560 wrote to memory of 4512 1560 bd707a0357b19ea6953d47900bb051e3.exe 88 PID 1560 wrote to memory of 4512 1560 bd707a0357b19ea6953d47900bb051e3.exe 88 PID 4512 wrote to memory of 6136 4512 cmd.exe 90 PID 4512 wrote to memory of 6136 4512 cmd.exe 90 PID 4512 wrote to memory of 4784 4512 cmd.exe 91 PID 4512 wrote to memory of 4784 4512 cmd.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Checks computer location settings
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1560 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:4512 -
C:\Windows\system32\timeout.exetimeout /t 1 /nobreak3⤵
- Delays execution with timeout.exe
PID:6136
-
-
C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe" relaunch3⤵
- Executes dropped EXE
PID:4784
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD55cb90c90e96a3b36461ed44d339d02e5
SHA15508281a22cca7757bc4fbdb0a8e885c9f596a04
SHA25634c15d8e79fef4bddec7e34f3426df3b68f8fc6deac29ea12d110f6c529fe3bb
SHA51263735938c841c28824e3482559df18839930acc5ea8600b1074439b70a2f600a92f41593568e49991f25f079e7f7361b4f1678feadbf004f6e9e4d51d36598d4
-
Filesize
399B
MD518f7e01be92f7674eb444b559e1e0696
SHA1f5eeb0adc69bddebadab8928f13a54fd13fe5c86
SHA256ee7d2a9beaf743a23e22d7d0442389ed861e6100e8409085aab6979e5acb21c9
SHA51255ec9320d26282b2646a3e84a365876a5a1b6db70d5ebbbf0d69daf597b41093020e09d7db8663b50333be50ae87542c55b6c96aba635e8a6c40e1ce60a9d3fc
-
Filesize
9.2MB
MD5694ca97482c7dd1a4027ad216b575f3c
SHA150a05de7d0e61e6d1cd17c6cc0f27f0580870586
SHA2562ac1bc3c3d94c4bd6fadcef78f65a98c281f6fe468ed356c7776e08bc9569420
SHA512e672384f621b73976888289881d1f04c7782a143ff9b915eb38316b2c41c611c2d272bd7c458f3d40728ddd3aa23f7b42336c6a96a22aed4fec479585f2cbfc6