General

  • Target

    launcherfull-shiginima-v4400-pc.zip

  • Size

    4.8MB

  • Sample

    230104-1rgzkadc4z

  • MD5

    7e90d8cf11b36e8d8ddfd24b787e1216

  • SHA1

    ef3ced3c98a306598e869a3b8020ab99d552e6b2

  • SHA256

    3bc1e207766bcff7b7328c5d336ec8e9211485cfd05242a0ff79e1a8ef49b1fb

  • SHA512

    0de23d403ffafc55581fc885bb1cc592d52fbd02d84e6ecb81cc0cace83da42e3927e40638214a506e445e1d3a66444fbc1c239b695b1e6eeb1ca9f2c8d1a72c

  • SSDEEP

    98304:rHGwng2vWbuRE18PjjbLaP3sD5itHHHP6pgwIF4agdyYA8Cn7LYJcj:L7nl+cm8aP3rHn9wU4agNCnwWj

Malware Config

Targets

    • Target

      launcherfull-shiginima-v4400.exe

    • Size

      5.4MB

    • MD5

      c3db052da531710367faf5e011475715

    • SHA1

      46f599e4e1ece582006739debe0a522925a9cd13

    • SHA256

      7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1

    • SHA512

      67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb

    • SSDEEP

      98304:qpTJ89MMbcZsgsDlilods/txVGHTJKsTnEFnAzvDfBzXEYNsJ5Ono:aTm9MMbcFililB0HdRTnEFnAzlEQsJ5H

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks