
General

  • Target

    f1439a6c37bd4b32d86b80966266f07812e6f62a8ae8f96436aadef4b4b03025

  • Size

    1.8MB

  • Sample

    221201-zp1hfsaf67

  • MD5

    06aad1bfeb81d72e5bd28fe3c5d2a544

  • SHA1

    146de18e1f5b5a7aa7d82696fa5db2c9e25df6d9

  • SHA256

    f1439a6c37bd4b32d86b80966266f07812e6f62a8ae8f96436aadef4b4b03025

  • SHA512

    1a4c70debc5bbcc029a2d5a6a660882171e66025d68c51deeada4529973f87b400a147a54ed3a5c8063055d0dbc1e1268dbd501c26b05db49e0915606951580a

  • SSDEEP

    49152:M9/wg31hawmqf4B+gsSvyHSkVnSqz+W+diLysU:wl31h+qf4B+OwSsSM+0G

Score
9/10

Malware Config

Targets

    • Target

      最新西西游戏外挂网.url (file name; the Chinese reads "Latest XiXi game cheats site")

    • Size

      181B

    • MD5

      bf12e97a4b4289845887cf9ea2305b15

    • SHA1

      f6ea0d3a69497c2c13f0064aca97f7910c6721a1

    • SHA256

      68fc6bcbbe136dcfbaa0d4869700a6fb33f89401278b413b2a753533ffa54ace

    • SHA512

      bff0f9c5fae5cc4f2bd96698767d04b16758bc322e62d8eac23c584c12e3e23b655749ec3f97b88364f858edcfd4969415a8be13bf4210ae2abc74e38a7b3b8d

    Score
    1/10
    • Target

      ľͷˡ10.5A .exe

    • Size

      3.1MB

    • MD5

      6888bf89383dc531b5f48565473ff282

    • SHA1

      8a5637aaabdf6cf33f01497a8a30f6df1d3c8423

    • SHA256

      28277d5645f1d59fda3b93f301ccadb051a4de4263ae3e26f7b7347ca4ec0816

    • SHA512

      44c6744af094eb9aaf0e1778069e8b591880fb57ae3d5140db52273523e43f43c07249afd9b7ab3f64d7d8f2f952b8d7ce5123c9d46ebcec3d1c1bbe64c8be84

    • SSDEEP

      49152:FZzgXr4iTZaqdwk0c05HGimCJLMBXVr05fc0rw:vcr4iYqdwkLcHHpYnRl

    Score
    9/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector (versions 1.3x to 1.4x).

    • Blocks application from running via registry modification

      Adds an application to a registry-enforced list of disallowed applications, so Windows Explorer refuses to launch it. This is a common way for a sample to disable security tools or competing software without touching their binaries.

    • Drops file in Drivers directory

      Writes a file into the Windows drivers directory; legitimate installers do this rarely, so it is worth checking what was written and whether a driver was loaded.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Checks computer location settings

      Reads the country code configured in the registry. Malware commonly does this to geofence, running or aborting depending on the victim's region.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk earlier in the run.
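
The "UPX packed file" signature above is a static check that can be reproduced outside the sandbox. The following is an added example (not tria.ge code and not taken from the sample): it walks the PE section table and flags the section names stock UPX uses (UPX0, UPX1, UPX2), and separately looks for the "UPX!" pack-header marker, because a modified UPX often renames the sections but leaves the marker. `build_pe` constructs a minimal PE32 image as test input; the constants and layout offsets are the standard PE header fields, the function names are mine.

```python
import struct

# Section names that stock UPX gives to the packed image; a modified UPX
# may rename them, so the "UPX!" pack-header marker is checked as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"


def pe_section_names(data: bytes) -> list[bytes]:
    """Walk the PE headers and return the section names in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header follows the 4-byte signature:
    #   +2 NumberOfSections (u16), +16 SizeOfOptionalHeader (u16)
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        entry = data[table + 40 * i: table + 40 * i + 8]  # IMAGE_SECTION_HEADER.Name
        if len(entry) < 8:
            raise ValueError("section table is truncated")
        names.append(entry.rstrip(b"\0"))
    return names


def detect_upx(data: bytes) -> list[str]:
    """Return the UPX indicators found; an empty list means none fired."""
    reasons = [f"section {n.decode('ascii', 'replace')}"
               for n in pe_section_names(data) if n in UPX_SECTION_NAMES]
    if UPX_MARKER in data:
        reasons.append("marker UPX!")
    return reasons


def build_pe(section_names: list[str]) -> bytes:
    """Constructed minimal PE32 image used as test input (not a real sample)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xE0  # size of a PE32 optional header
    # Machine=i386, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # magic PE32, rest zeroed
    table = b"".join(
        name.encode("ascii").ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200,
                      0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    print(detect_upx(build_pe(["UPX0", "UPX1", ".rsrc"])))   # ['section UPX0', 'section UPX1']
    print(detect_upx(build_pe([".text", ".data", ".rsrc"])))  # []
```

Treat a hit as an indicator, not proof: a hand-modified UPX can strip both the section names and the marker, and a file that only contains the string "UPX!" somewhere in its data is not necessarily packed, so confirm by unpacking or by looking at section entropy and the entry point.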

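The "Blocks application from running via registry modification" signature refers to the Explorer DisallowRun policy: a `DisallowRun` DWORD under `...\CurrentVersion\Policies\Explorer` turns the policy on, and a `DisallowRun` subkey lists the blocked executables as string values named "1", "2", and so on. During incident response that key is usually exported with regedit rather than read live, so the added example below (mine, not tria.ge code and not derived from this sample) parses a `.reg` export and reports every Explorer policy key, whether the policy is enabled, and the programs it blocks. The `SAMPLE_REG` text is a constructed export for illustration; `regedit.exe` and `taskmgr.exe` are placeholder names, not entries from the report.

```python
import re

# Constructed registry export (not from the report) showing the policy keys
# the signature describes: the DisallowRun DWORD enables the policy and the
# DisallowRun subkey lists the blocked executables as "1", "2", ... values.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="regedit.exe"
"2"="taskmgr.exe"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _decode_value(raw: str):
    """Decode the .reg representations this check needs: REG_DWORD and REG_SZ."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escaping
    return raw  # hex: blobs and other types are left as text


def parse_reg(text: str) -> dict[str, dict[str, object]]:
    """Parse a regedit export into {key path: {value name: value}}, names lower-cased."""
    keys: dict[str, dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1).lower()] = _decode_value(m.group(2))
    return keys


def disallow_run_policy(reg_text: str) -> list[dict]:
    """Report every Explorer policy key, whether DisallowRun is on, and what it blocks."""
    keys = parse_reg(reg_text)
    findings = []
    for path, values in keys.items():
        if not path.endswith(r"\policies\explorer"):
            continue
        blocked = keys.get(path + r"\disallowrun", {})
        # Value names are "1", "2", ...; sort numerically so "10" follows "9".
        ordered = sorted(
            blocked.items(),
            key=lambda kv: (not kv[0].isdigit(), int(kv[0]) if kv[0].isdigit() else 0, kv[0]),
        )
        findings.append({
            "key": path,
            "enabled": values.get("disallowrun") == 1,
            "programs": [str(v) for _, v in ordered],
        })
    return findings


if __name__ == "__main__":
    for finding in disallow_run_policy(SAMPLE_REG):
        print(finding["key"], "enabled" if finding["enabled"] else "disabled", finding["programs"])
```

Check both HKCU and HKLM exports: the policy is per-user under HKCU, but a machine-wide copy under HKLM has the same layout and the parser handles either, since it matches on the key path suffix rather than the hive.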
MITRE ATT&CK Enterprise v6

Tasks