
General

  • Target

    2569c3c02c007e535773d74803faa9e5ebb3b4bb3c0eff1741c980edacccf863

  • Size

    5.5MB

  • Sample

    221127-hjb48sfg44

  • MD5

    4765a4fee8e92178c6317de3b4956a6e

  • SHA1

    d8577e806e350b175fbcfefe20b1a75c1036336c

  • SHA256

    2569c3c02c007e535773d74803faa9e5ebb3b4bb3c0eff1741c980edacccf863

  • SHA512

    25959d38c800fc99d849e9b5e596fd564ae9209e54cb011dd09539bcf6ca3e6295b5313d5f187c6497ff0ffd58cce76936663cab77154a4881f1adce0f0b3edc

  • SSDEEP

    98304:zYFCUg6zmY+caVnfusE61HZdy9eeJlqy4ST2Pah7sdERZEsLF51ilhPBE4GtyiD:nUPd+cqG6gCPayEEsRMdBzuD

Score
9/10
upx

Malware Config

Targets

    • Target

      bwwxyxw_gr/SkinH_EL.dll

    • Size

      86KB

    • MD5

      147127382e001f495d1842ee7a9e7912

    • SHA1

      92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    • SHA256

      edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    • SHA512

      97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    • SSDEEP

      1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      bwwxyxw_gr/dm.dll

    • Size

      804KB

    • MD5

      c578b6820bda5689940560147c6e5ffc

    • SHA1

      922e50d89c9c44bdc205ef17aa57212b64e58852

    • SHA256

      3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

    • SHA512

      9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

    • SSDEEP

      24576:3rhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQG:VWCsVb6KUpZ+hDg1F2d6

    Score
    1/10
    • Target

      bwwxyxw_gr/reg.dll

    • Size

      5.5MB

    • MD5

      bbbcfa4e934122ba0a96a9dff367cf5b

    • SHA1

      3346a1ed1fdb4c33bc1956338f79f08f6dd34f26

    • SHA256

      e11337c42792606196eda4a6f9c9cd22cc9ba59feff9acf74022fb46fbdbf5b1

    • SHA512

      76d337708b20086888e5f3037d29f8a37bfd98f9eff125f6f2dd4bb5ae823c1ac76cebe54383bbb8ce038d27bf7f86bf96c6f585e21bf7c1c80e9b7317e63337

    • SSDEEP

      98304:WGdZusmwYqdwkLcHHj5SbWf+YFCNK1oLZliOuz5+If9kuPJGGf6iOdDEvJ:v5jAjQaf+HNKcqkwG46Jw

    Score
    9/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      bwwxyxw_gr/更多软件下载.url (filename translates to "More software downloads.url")

    • Size

      219B

    • MD5

      122e953f3a92541c27cc62db2d9bb0f7

    • SHA1

      5c85d98b4bce0daac9631297ddb00b005161d131

    • SHA256

      5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd

    • SHA512

      77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583

    Score
    1/10
    • Target

      bwwxyxw_gr/霸王微信营销软件.exe (filename translates to "Bawang WeChat marketing software.exe")

    • Size

      1.3MB

    • MD5

      9334885d21586062eff80dbef52e1541

    • SHA1

      564f8ec68172311ad209dfe843aa955da1959f44

    • SHA256

      85b8428400a43fea8f27809538a04fb3ec403a2ca88ee852534d4efb7ea1b28e

    • SHA512

      c682abf4a9a4a8e5b9cc6ae3cb6b7fd7347a9c95b36adf162ec3f555ecd6d748aaa6a248b0647ef3c3de079ab9b2a51e2ece23f4e2379589468ae58ab8f69c21

    • SSDEEP

      24576:SJyhowCsDm/XBK6TZaqdiXSp0c02uFG6dAk3xM5:7ob/RVTZaqdwk0c05HGiM

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
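The per-file UPX verdicts above come from a signature the report describes only as "Detects executables packed with UPX/modified UPX open source packer." The Python below is an added example, not tria.ge's signature code and not code from the sample, of the checks a practitioner would run locally on the dropped files: the same four hash fields the report lists (MD5, SHA1, SHA256, SHA512), plus the two standard public UPX indicators, namely UPX0/UPX1/UPX2 names in the PE section table and the "UPX!" marker that stock UPX writes into its packed header. The PE fixture it builds is constructed for the example and is not the sample analysed here; the script name `upx_check.py` is likewise an assumption.

```python
"""Static triage helper: hash a file the way the report does and apply the
standard UPX heuristic.  Added example; the PE fixture below is constructed
for this example and is not the sample from the report."""
import hashlib
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # section names stock UPX emits
UPX_MAGIC = b"UPX!"                               # marker in UPX's packed header


def file_hashes(data: bytes) -> dict:
    """The four hash fields the report lists for every target (ssdeep omitted)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the raw section names ([] if not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # COFF header follows the PE signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated table: stop, don't read past EOF
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Both indicators separately, so a report can say which one fired."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n.decode("latin-1") for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """Either indicator is enough to flag; modified UPX builds often keep only one.
    A negative result is not proof of an unpacked file: both can be stripped."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_pe_fixture(section_names, include_magic: bool = True) -> bytes:
    """Constructed minimal PE32-shaped blob for offline testing (not a real binary)."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytes([0x0B, 0x01]) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    body = b"UPX!\x0d\x09\x08" if include_magic else b"\0" * 7
    return bytes(dos) + b"PE\0\0" + coff + opt + sections + body


if __name__ == "__main__":
    import sys
    # usage: python upx_check.py <dropped file>; with no argument, run on the fixture
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_pe_fixture([b"UPX0", b"UPX1", b".rsrc"])
    print(file_hashes(blob))
    print(upx_indicators(blob), "-> UPX packed" if is_upx_packed(blob) else "-> no UPX indicators")
```

Compare the printed hashes against the MD5/SHA1/SHA256/SHA512 fields above before trusting any local result; a mismatch means the file on disk is not the one the sandbox scored. The two indicators are reported separately on purpose: a file with "UPX!" but renamed sections, or UPX0/UPX1 sections but no marker, is the typical signature of a modified packer and deserves a closer look rather than an automatic "UPX" label.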

MITRE ATT&CK Enterprise v6

Tasks