General

  • Target

    64bccd69f3c8c37f199da2cf627fd4e98353c8d58cf54d1670014da5d2ab4032

  • Size

    1.8MB

  • Sample

    221127-p85amsdd8z

  • MD5

    8d5e27b5aa2712b8a4b59d8a6f68b685

  • SHA1

    9d93b34acb7d1eef46a547208fd14902231984fa

  • SHA256

    64bccd69f3c8c37f199da2cf627fd4e98353c8d58cf54d1670014da5d2ab4032

  • SHA512

    3200e826ab590d681976b0c0c209e62b11da1d98169035de3d0c415a73b71cbbec7463c99134c110525fe1780570598bab20e8c3e74096c7277909f1c4346c04

  • SSDEEP

    49152:lkEQ2RXMQ7ezKrG8u5vc7iGepN9QiksIhJoRePk7YFG:lPFV7UssGebWHToYPWYk

Malware Config

Targets

    • Target

      淘淘淘宝论坛抢沙发软件/淘淘淘宝论坛沙发机.exe

    • Size

      1.8MB

    • MD5

      b44f2dae79eeffee0174ffa8babb685b

    • SHA1

      caf10a193736a58a79e68ea711f46757d85fa0aa

    • SHA256

      e320c00f5262fb1cd211af8ae64fdfbb5bd9cc35f125554663f1221c7bcd191e

    • SHA512

      3d93e4a23a636b600ef989a290c688cea6b252597b99629f130658a4370d1f8e90792c857cec2a122d38ea5c4706323e957190a244c9df9a70b63fe993a17b34

    • SSDEEP

      49152:+TpDJZ0UnBFPDMHWJjtI6DjqdA+zUZZsL:+tJZ0UPPOyjtvqd9U

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      淘淘淘宝论坛抢沙发软件/软件使用教程.doc

    • Size

      198KB

    • MD5

      edfae8cc862c094138b003a5092cacbc

    • SHA1

      3f508c0a39b87edfc037bce7bc2ad1165cbb3bfb

    • SHA256

      433c07dd4bd0b9119aac4f2e325be0ecbc98d77b2d45d14ba673aa09261a92eb

    • SHA512

      402599706449c42a7ae2c1f1c98fc71a783054c4cb874842a583626053de94cf1428c40d79b211858c9d7fe090368ba057da0aa66ddd93bae5b34269eca9b41f

    • SSDEEP

      3072:93ckl49LJYkO0ufKW56Q2fHYnenenenenenenenenenf2q2cx+y9bmIjA/nNSjw:Zckl49LJYp1It2q4CbmR/n2kw

    • Score

      4/10

MITRE ATT&CK Enterprise v6

Tasks