General

  • Target

    e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98

  • Size

    15.6MB

  • Sample

    221127-r2nenaaa9v

  • MD5

    f796b03671447929e8047546f4f8f49d

  • SHA1

    4d77bd7dd3c95fbd65c7b0259be050d718270e7e

  • SHA256

    e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98

  • SHA512

    4449b0bf720177b0ac01b5e775b404a426fd9b0cbe7617f76243896a62d174f1757272c8e419e9c1a91471efe6d8d399ceace02b9ad20a7dd45817712f07f28d

  • SSDEEP

    393216:ay28NLuHz6iHiS5CiS0ibA8eSLsralugzYHKM0lV69fsc:aQwJHJCiS0JeRgNgs

Targets

    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm (path kept verbatim; 合击引擎 = "combo engine", 3K引擎M2说明书 = "3K engine M2 manual")

    • Size

      832KB

    • MD5

      b961af6847c50e3fbfad9dddf0571811

    • SHA1

      f5ecedf097181c9816082459fe46eb06e2ab4fb7

    • SHA256

      94a58122712d79d18214ba2d4c676c03533bfceb3d32914161fbb0eadc97c4f7

    • SHA512

      c69815680f800d3b93cdb54462877dfc850efd19053d19493546e21fa27ac4875eda67629d92a068591ed01ae99b402d6b3e3328a68d3bf56c818581962ac625

    • SSDEEP

      24576:JV9Jnm6H02ZgqM3kWmUtJlOP2HO/dW7gD:DH1UZs

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url

    • Size

      187B

    • MD5

      f2b2a3fc83bd2a514240f88f7d81cdcb

    • SHA1

      f8f496bb310d030a7cce278db2e226ced284edd2

    • SHA256

      dd5c64bea3a3f7e8b3b3384d1ed134d34fabdd547c6b2930377ba73ccc28599f

    • SHA512

      fa2e49a23c0ffcceb288370767abe8d8b251b070934d155ce6b67dce076d2d3d09845e9102dfbee27568b0d3ae3c2342dd9f1bfaaf0d6481074c12ad0f916328

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe

    • Size

      485KB

    • MD5

      09339d8bf1c5891db81737c22dfb9dc0

    • SHA1

      88f86c6195a3fe12e40250287031e3203d93b0fe

    • SHA256

      43fce1808e399bcb2a35cb7d9c18a3c44df01c0e3bf3e2d1cc69b459c0782ed1

    • SHA512

      5a83f287b53540cb877eb2185be89401838c4959c1fc5b2cf6eefb0ffc93424b16c4f0c3e15af7157d00793ce9f2d97864b7418d36f477816d8e5608baf72bc8

    • SSDEEP

      12288:sYxJQY+YdZR4gFfzqjldvP8zasz/Ct8mQWtmQ2go:XxCY+i7TfSFvQC+tW3

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe

    • Size

      508KB

    • MD5

      1ed1c217b9687078ae3d6a0fee0d45c2

    • SHA1

      5c1f3b7af2ba906d4bece854e37364142d5e420b

    • SHA256

      e231b72ff94084ce3d98f7c9f9b98824e437e90fd1469922a4fcbbc2e35f768c

    • SHA512

      c12f909f386780c3583a7d73626a069089f2f0e41bc6e5683add66cc19fdff7eac0d3e49e31fd23c07e7a776f5eabb907dcf88a1b1670226c79bbadd141f4dc9

    • SSDEEP

      12288:roNFBhCGm1Godt78LxLNk6tW9eWILhDwtXg5KpeQZ0772bpth+p:roNXkGm1RdtYLxo9eW8Dyg5KpD0nuptw

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe

    • Size

      383KB

    • MD5

      64cf2cfcd2503c486e6957a569c0dc76

    • SHA1

      77592007a54ece0327df90a7096f27652e9cd665

    • SHA256

      dcee4f53b38c5424ee128dd153a47d4e1d8086ca90f2c1fab4be29bc8ca02cf3

    • SHA512

      96772724daf228701b434490963a3cddaf022634ad4048a1dc34d9f683f991e3b31adfde6599be23774343e48fdf82772170e0eebfa52487cf0e40df834a0a2f

    • SSDEEP

      6144:QcZwt8EL8UgzFJJpOYTELbsu9IBXmv9gt722JqgrX2g8VAU/VFSOu7AtUlRMV3F:zZahYN3w4ZBKgdSgRyVFLrtUlRMV

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe

    • Size

      480KB

    • MD5

      3dd9be1401c813af75ec398b3f57c028

    • SHA1

      eb60adab845f21998bb59ff9e4a428e4c2779cb4

    • SHA256

      808595de42bf3c5df1583fd0088c8a36d88c4217acc81be565e74a8a49b8a2ac

    • SHA512

      1100605268953a2cffa72213502ce4db32984165a17c1e57656cda883a3f887af9d379e2edbf84d7f5f1b5a2a0629bf7eab008d0f713962dc104340d2008001c

    • SSDEEP

      12288:hcsfv2muayPvLGBFBSjWA95mk3AktuebnQgyV8JIiIb:b+fbbGBFBSzmk33Aeblgb

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe

    • Size

      333KB

    • MD5

      c07b785b690fb9dfa0b404c6e69a7001

    • SHA1

      b236a4720d6ac9426f40195fa5619a8c6eb24fff

    • SHA256

      27f4d216da33de9541a9e30702caa1ffeb68ca6e3e904382d3f8b1aba79e27b1

    • SHA512

      47a0904d5d7a2143795e41ed7e6b8efd6e2816f502748921d0f3dbf53bd5d83ba041926b0e458aa5f3423f3752c6454074af9d8b9189138a1e9ac04946cd493e

    • SSDEEP

      6144:LOzLPjdf+/66Z5TsfkRumVMPz3apGeAyx8WXc5FshwBWJg6djNVYmxtu+:LOz/t+/phckwJr346eCF9WZNntu+

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll

    • Size

      708KB

    • MD5

      8b1cc052a316b3d9c987638e090dc30c

    • SHA1

      8a786247ed4b8e3b3b23894a40a2662bb6bb864b

    • SHA256

      ec68caf90c61e2c3620154c562f306d3104c99855ee2d6cb40a390003cc21c13

    • SHA512

      fd8f4f5f73756472268acff656b3064858d5dbd98643d2bac27eac4ac23ea51cae30bcabc3a209d466cec72c634e4de06f93345eae49d864e596a3a5c67f3674

    • SSDEEP

      6144:wacWxKtTHt9kwZ7oCSr/eu+zYJfnWV3j8MXSnkxHepk1NHwgIDLL5fKH+c:wacWxoN9kwZMCl3j8xn0+pk15ghfKT

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe

    • Size

      3.4MB

    • MD5

      c2da6a2920b67b4c888c7209e55e484a

    • SHA1

      296d2aec76116c25b3550b52d80d94440d3a783e

    • SHA256

      e9be4facf1882e685aebe9703664715523c21995fdf9c19197da9a0a6adf8f4d

    • SHA512

      edf04caabe60bef22e05075496eff89c40d6ecce4eb2f717a3881596bc3d0953bea594f125725893c274e84de9b9008a076a52126e2da87d1b210470d3d57144

    • SSDEEP

      98304:eQ8PU3vL2A4ZMNbEhy7DpeSrsK+AZH2c4+:h8sh9y2dXfZHR1

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll

    • Size

      1.7MB

    • MD5

      6e00bde454e5c87cd6a4c0abdc698c89

    • SHA1

      9f9c5d03f1ed8fc40b7f1560fa3db94c0b8a2b28

    • SHA256

      b66ff82da730bb8021fd28aa9f7aa7d6c002a9ade9f64e14645a51665723c5e2

    • SHA512

      fce79019308bf11449f88d52c746ec4dad624c5f4ec03d8b9a1d4cc95dd1a4997513676160eb03101bb041c30970ba7e93df5dd38d39ceac3b935ae74d0de489

    • SSDEEP

      24576:U9kBIWxwSHJvOqByWQH0qYCSIxRJsxLwWfu7bOaSKN/6ZqlRIV+BEl6SujwK:nBINc2qBLlCSQxGuPOyl2V+UL0wK

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
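
      The same five signatures are listed for both M2Server.exe and SystemModule.dll. As an added example (not the report's rules and not the engine's code), here they are expressed as rules over a sandbox API trace, so the conditions that trigger each one are explicit. The trace is constructed for the demo and is not output of the sandbox run; the registry paths and the `\\.\PhysicalDrive0` device name are the ones such checks really touch on Windows, and the `<api>\t<target>\t<extra>` line format is an assumption of this example.

```python
# Added example (not the report's or the 3K engine's code): the five
# behavioural signatures listed for M2Server.exe and SystemModule.dll,
# expressed as rules over a sandbox API trace so the triggering conditions
# are explicit. The trace below is constructed for the demo; the registry
# paths and device name are the ones such checks really touch on Windows.
import re
from dataclasses import dataclass


@dataclass
class Event:
    api: str         # e.g. RegOpenKeyExW, NtWriteFile
    target: str      # registry path or device path
    extra: str = ""  # free-form, here "offset=N" for file I/O


def _reg(ev, verb):
    return ev.api.startswith(verb)


def vbox_acpi(ev):
    # VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI\*\VBOX__
    return _reg(ev, "RegOpenKey") and re.search(
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", ev.target, re.I)


def bios_info(ev):
    return _reg(ev, "RegQueryValue") and re.search(
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
        ev.target, re.I)


def wine_key(ev):
    return _reg(ev, "RegOpenKey") and re.search(r"\\Software\\Wine$", ev.target, re.I)


def uac_enabled(ev):
    return _reg(ev, "RegQueryValue") and re.search(
        r"\\Policies\\System\\EnableLUA$", ev.target, re.I)


def mbr_write(ev):
    # Only a *write* to sector 0 of a physical drive counts; reads of the same
    # device (disk-serial / hardware-ID style checks) do not.
    return ev.api in ("NtWriteFile", "WriteFile") and ev.extra == "offset=0" \
        and re.fullmatch(r"\\\\\.\\PhysicalDrive\d+", ev.target, re.I)


RULES = [
    ("Identifies VirtualBox via ACPI registry values", vbox_acpi),
    ("Checks BIOS information in registry", bios_info),
    ("Identifies Wine through registry keys", wine_key),
    ("Checks whether UAC is enabled", uac_enabled),
    ("Writes to the Master Boot Record (MBR)", mbr_write),
]


def parse_trace(text: str) -> list:
    """Assumed trace format: '<api>\\t<target>[\\t<extra>]' per line, '#' comments."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        events.append(Event(parts[0], parts[1], parts[2] if len(parts) > 2 else ""))
    return events


def match_signatures(events) -> dict:
    """Map signature name -> list of targets that triggered it."""
    hits = {}
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits.setdefault(name, []).append(ev.target)
    return hits


SAMPLE_TRACE = """\
# constructed trace for the demo, not output of the sandbox run
RegOpenKeyExW\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegQueryValueExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
RegOpenKeyExW\tHKCU\\Software\\Wine
RegQueryValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
NtReadFile\t\\\\.\\PhysicalDrive0\toffset=0
NtWriteFile\t\\\\.\\PhysicalDrive0\toffset=0
RegQueryValueExW\tHKLM\\SOFTWARE\\Example\\License
"""

if __name__ == "__main__":
    for name, targets in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: {targets}")
```

      Four of the five rules are read-only probes of the registry; the MBR rule is the only one that changes the host, and it fires on any raw write to sector 0 regardless of what is written. Before treating the engine as a bootkit on the strength of that signature, confirm the write against the analysis VM: diff the first 512 bytes of the disk image before and after the run, and compare the bytes written with the original boot code.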

    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe

    • Size

      371KB

    • MD5

      3555f6b20c2e139a846ba0a6fd31aa97

    • SHA1

      0941ba558b4640b2d46c6c6ba26f90be4546e3ae

    • SHA256

      4584bfec89ae175834a47df600c98f054584cacf6eef4919f973b13c41674917

    • SHA512

      e9a5e770295eb527895ea667bc81a5feec6d1379d4bcfd788056e6187819e806a0a37c1410687ec2bb9edddcde674ad86c648eaae6a9037ca6233bef03a0a6dd

    • SSDEEP

      6144:vbBBPs6RIjBAarBQrFrgTRKrYNfU6spHn7zCA9upZZhiqD10NV1s:zBe3r0ZgFAYNfU6spHfC2upc81qs

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe

    • Size

      296KB

    • MD5

      80bfe461c0a4df0f2a6dc808aaffe86b

    • SHA1

      000817f018c43f2544037e6b45431d8bb0592c1d

    • SHA256

      cddee7119496376779c2184b68438207d63e889a5ed4cfe47772530120b099cd

    • SHA512

      9204d28b824f5223d486820d4a6de02ec503236c856f93bb97587a60c1f6215a0b137fe67a0d95d2adef60eb84840cb01ca3f9a073a6ca48c8de13aa7f179844

    • SSDEEP

      6144:wxp2Iqw3fysi6BAgsmouJXkwlyxHZ6IVsYzdouRKCp+mhbC:wxIIqwvy5yfouxS6I5YC82

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe (副将数据转换 = "deputy data conversion")

    • Size

      406KB

    • MD5

      a89c4a9a2f623c0fdd6c9fea68735bb3

    • SHA1

      b012a26192769a56a92446d820b06c902b06b08a

    • SHA256

      7f76aa96812819466576b11711efefb0b4e52be89b4e7c4b02cad717c6ae960a

    • SHA512

      fed6f747bbcea8ef611547db973dad24952e77dad4deb483e68de1ca77bc066cec9fe4fef9c96cbe19bb54c79c6950d434030ab30539e7224e0bf1b4f93b8ba8

    • SSDEEP

      12288:r39e2xgs3C9DOqLoBXkoXfp6gmplCMMVo:rNvxgs0DzoBBogGM+

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe (合区工具 = "server-merge tool")

    • Size

      383KB

    • MD5

      1fd69fe8016fba4696bbc37e47be3f5d

    • SHA1

      00baa7eda6753f25add8ec64bef239feae99f1a9

    • SHA256

      f1ef5d0962735eb6341b3c2cbd6c5c4ee3c74071be4c721a36a26fd5c1e394f0

    • SHA512

      40f1b350ef39585ece7cd06f09c84931c785c139c0e597ea11700573afee16bd8563af716c7b4a70aa854d130ce3210d0c855c8ad86b5da7adbee41cf54a4a53

    • SSDEEP

      6144:0uI8TbCceQIRjFkrDPqSZP9wTjdaB7NLrsyNotHVP6Fa36c:5IXxnKDSCmTjK3sv1VPSaK

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat (开始更新程序 = "start update program")

    • Size

      764B

    • MD5

      36a3f6229863c32189d31d261a9fa647

    • SHA1

      ccae052c897e053f8dd16fbb388c4fb3e64f548f

    • SHA256

      d0e860ab0c36dc5f031128153fdb3979407c3a917a6485b73fd096bf1c3a9eae

    • SHA512

      2a8c3605e4a3860aec187f20d19ac129281f2dad8597bb884872578832c480a894ea327f925dcbd5dfb8c437910d7729b9f7cf0af61dcfb13d206c2d9a567bce

    Score
    1/10
    • Target

      3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe (数据升级 = "data upgrade")

    • Size

      407KB

    • MD5

      49ab59f5b8405721b09797642296c1f4

    • SHA1

      01bd8bd414bcd1c145828488acc0678d5513672d

    • SHA256

      6b80d96d18fd937eabcccb7ca16994a8f93a481c319fc15eeb6570ad45745508

    • SHA512

      c63ebeefc91a9b3558be510efb150783d37bbde07be23a1c9a88ac08ca23a07855e06f3240b858ee38490fc45a80436652fd92daf0cc27a4970775f53e8bd403

    • SSDEEP

      12288:n39e2xgs3C9DOqLoB6NPBroi49fH6ItZEIJQiYdhv:nNvxgs0DzoB0PVoi49xRY/

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks

static1

aspackv2, upx
Score
8/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

upx
Score
8/10

behavioral14

upx
Score
8/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

bootkit, evasion, persistence, trojan
Score
9/10

behavioral18

bootkit, evasion, persistence, trojan
Score
9/10

behavioral19

bootkit, evasion, persistence, trojan
Score
9/10

behavioral20

bootkit, evasion, persistence
Score
9/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10