Resubmissions

25/04/2023, 20:18

230425-y3j7yscg23 10

General

  • Target

    Atlas.Playbook.22H2.v0.2.zip

  • Size

    2.5MB

  • Sample

    230425-y3j7yscg23

  • MD5

    a2d23532c10384caf831b20d5918f3a4

  • SHA1

    fdab91979b2664c61d66066e1ab4e846172c28ff

  • SHA256

    d261cc4cc40165817ae64ca19140e5c574f36d97c703165256e92e1df02becd0

  • SHA512

    12670994bf8957d97bf85a5858b7b04cc1d330ad6215b6333af0a3b14890312b39511365302433adb187e8ba638f6fd737efac9541edbc27623f819579415e7d

  • SSDEEP

    49152:22KlMManjcsIZfTMt4ibP1x6ElaJGT3H4uUNkSPKHwgi1y9A+P7YUKkvA6mjeLS:2apnosYf4p1xBlaJGT3B2k6RNIGO7YUo

Score: 10/10 (tag: upx)

Targets

    • Target

      Executables/Atlas/4. Troubleshooting/Visual C++ Redistributables/Visual C++ Redistributables AIO Source.url

    • Size

      62B

    • MD5

      0eb6db9f1b790efb884c2f0838d76cf9

    • SHA1

      aa2ec58b483018e314c0f9ddc024ccba5975b141

    • SHA256

      db3544d211572327160c1c1a274fcb65be389a34261c65d4851515cb5960295b

    • SHA512

      362e1694148d077e738afd45b41b9db8ccb64b465a6ee898fa9953eed879b6b1f9bdc270ec7e7f9753d8f38096e382ad192ca2c92b3d157676755f632f468b42

    Score: 1/10

    • Target

      Executables/Atlas/Atlas Discord.url

    • Size

      51B

    • MD5

      07290ac23be722964f44266192724a84

    • SHA1

      3ffae2805e99970fc8efb5c678257ddba6f89a05

    • SHA256

      d75ca0fc16867a46b041630bdf48816ebc6306f00198473602184cc0a44e8f4c

    • SHA512

      8866ec1c25be1fdac90baf59513e2cf6d58d73c90b3fe24ea3e3ced3b6dc40b8359f9d5b5431cd6783bba70a2bf7ab89d071acce3764bf5d0d0abc4dd18bde93

    Score: 1/10

    • Target

      Executables/Atlas/Atlas Documentation.url

    • Size

      48B

    • MD5

      42dbd781d13581101d6602d25c5337f7

    • SHA1

      88e3e21a538aaff5d7fa6642235635f49541ac90

    • SHA256

      5c5ee218c5f24980d85b201bb4f1e2ff0542965f3332fb5ac782093bd6877d20

    • SHA512

      d7d0d3e232d2fb16b3d914cf09fd4af1c5045fba4cc0ea948c0c893265ce2e792643364f3491914d572502b085a736bc51639d63ed33523cdf350e30777c8a26

    Score: 1/10

    • Target

      Executables/Atlas/Atlas Forum.url

    • Size

      49B

    • MD5

      82859ed490a7a5494b22b519caf9633b

    • SHA1

      500010a00cd4ad7ad65174a03ca268432e147f34

    • SHA256

      db42f1e6071b553d1516586b058602746c6ebb9a788f13185623d01d8f07ccde

    • SHA512

      b21778366a0d730ba42550cf0f5b33fe7b3a72893373be712955b58f4473a4d241dc59ac74b0e2bb54878e7a2f9cde589a9355ded0baa7be0e46fdf6f05e45a2

    Score: 1/10

    • Target

      Executables/Atlas/Atlas GitHub.url

    • Size

      57B

    • MD5

      dda895acf3e4c2bf4217effd65fc29f2

    • SHA1

      d8de371e34d21183bd197ee20a8e1a2d2042ebdc

    • SHA256

      cc29e2bc9aab2b173f125cee49c54b844262f48b65dc0f67e2fcf02c25d5cc02

    • SHA512

      4f3e2a29997cee7a2ed61a247f8c39f185176fe18106ce3f0e50c2ff89eb09249dfe3db3b3735a0f09133fcddfb4f89a181a7f968756e02e951a01c3ce082a96

    Score: 1/10

    • Target

      Executables/Atlas/Atlas Website.url

    • Size

      43B

    • MD5

      84fa6740ddca2a3d5c87d99a868e46e0

    • SHA1

      8d296a4c56f741810ede68a7c614944c7a3988bd

    • SHA256

      bccb5c173dc745415981edf88d9d31a2e3b853f3dcecdf936c2a36a8928df964

    • SHA512

      92f3165e1b32b9f0c0f56ab64c915f677978fa4a84c5401ba8ec46406e111509f60816093ccd2320a05381008f48606abc60556d272990d51f5585997762bcff

    Score: 1/10

    • Target

      Executables/AtlasModules/Acknowledgements/Atlas Utilities (filepicker & multichoice).url

    • Size

      67B

    • MD5

      6c8f74a0ceecebbe88f912972e9ec3b8

    • SHA1

      01eb0a79d2d11c4150b6fc4c3a54c551b317428f

    • SHA256

      350253efe415d7dcfd6dd556e95da3020f64a7f7ba48cf8c8459ddd6b046433d

    • SHA512

      fa3ed873d0280fda303e8bc009fed954f8987907a16bbb52f8d768a27f05c54b124a418298a6a2458712653b3ec88df1174ed25284348c42778ab011328e6eab

    Score: 1/10

    • Target

      Executables/AtlasModules/Acknowledgements/setSvc GitHub.url

    • Size

      56B

    • MD5

      59e7979e74b00bebb7d56e094f2cacc2

    • SHA1

      d758ed52eed1a4f779bccf6038c8802448ac9761

    • SHA256

      37f34726649c659fa6038cdfc76259c866b05e473ace0a417b83de5e9dd28c50

    • SHA512

      b06ab922a507a34631a629b8d69265313382e9cee8487b9688978d7f08aaf7d0039dd4ab1d954ee8240c6901e33bb1b2976b952ace0c1b01942fec784361f699

    Score: 1/10

    • Target

      Executables/AtlasModules/Scripts/Auto-Cleaner.cmd

    • Size

      1KB

    • MD5

      385004fc5f168224a63a6ffc89c0b8a2

    • SHA1

      4d2f8af8bdd7c6212c129b4a73b463b4b2f7acb3

    • SHA256

      e49d0ad09a63268f89ca78ff02a7453ad98e5e58a4a5bb8db6d64e3a3440a5f6

    • SHA512

      d30e4449a3ff551a288300026a4a08912e30796a284c03155ff5f16f0756103de16d8eb8c101250963c7570f54cbc6e9bf3229d101a17da40b5d5d5df14d353e

    Score: 10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      Executables/AtlasModules/Scripts/RunAsTI.cmd

    • Size

      7KB

    • MD5

      58d3e9a4570d66eb9fcbabf715fa75c1

    • SHA1

      7981f41f7db56448c803db11856c3c771cb0cf27

    • SHA256

      b2b1ddb8430533f2a87aa40a4e7d79df76d2b9cf146bfa9652f91d266d7ba690

    • SHA512

      a5c3ead2bf4883f6eeea268ea73f2907ed5840d69f78d8c74f2695b5ed293290c3ecb7942b3d3bab265a5cd9ca3b31615a0976bd08f0d6f1338dfc5dc03ad767

    • SSDEEP

      192:1tYHOTnAJxIX3MJwKb7kJkZL0+qxsD9xG6l7AboMlkObV:1tiOTnf3cxvJCxCRKboMlR

    Score: 1/10

    • Target

      Executables/AtlasModules/Scripts/setSvc.cmd

    • Size

      2KB

    • MD5

      a7d3e4ffbb7206374740a5e348ca2380

    • SHA1

      6b15231dbb2444198faf876ce420ebff9961383e

    • SHA256

      be86445c1f6e88a1c4a1df2c457ced5157c3d712d176011dfaee662403f70b22

    • SHA512

      4183c4c47720232592d0e73fd57373ff7ef69279f93b65cc208db72d89b427435517acbe62ab34005d7de156b172f492cc78437f3a808318f9c3748718b81390

    Score: 10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      Executables/AtlasModules/Scripts/toggleDev.cmd

    • Size

      2KB

    • MD5

      0fc5e92349540a7b7b27e7789bead68b

    • SHA1

      47ee8a756177cea917ebf48b310f37d5d731a5a1

    • SHA256

      0907166805d83bde4d169ead6641a3f82c5c6a694d158455f1bb1471a5d33a24

    • SHA512

      5989bd61248920b57bb106615c39b44cb0a47400a44001beea078d2d56d7892ccb198e8a5c2311e802b4b3103e7c48d40d0a91fbfe4d41fc81ac966aed017f5c

    Score: 10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      Executables/AtlasModules/Tools/filepicker.exe

    • Size

      145KB

    • MD5

      d075ecf7e4ae297b50672c392588e368

    • SHA1

      cfc02b6f52bacdd691722ec50456a90b9d2f24f8

    • SHA256

      10a9ab81de68a6acebd6e0d393ecc8869a4dae852f78cf9093740ad8752da0de

    • SHA512

      8df70762db0a3813ee4b73e77f965ca2a33dc5838fcb30f038ed6e66d0b61c4c3f51a2700dbb8a015f5a7d95951d7aa01e426398c3d284b6f7c89639cf30fb06

    • SSDEEP

      3072:Xdd0KiEvENBYIhnGEhekJ5xNTLD5ZhwmR4lgHAp/W:Xdd15EAiGEjJ1TLD5ZhKBF

    Score: 3/10

    • Target

      Executables/AtlasModules/Tools/multichoice.exe

    • Size

      1.3MB

    • MD5

      796f10d094bb0b63d61e6570a9aee52d

    • SHA1

      81c22bb59a62037f2f7078fb489245ee964e09a4

    • SHA256

      6ab2ff0163afe0fac4e7506f9a63293421a1880076944339700a59a06578927d

    • SHA512

      1d6b13ea9ee26bd0f8b680e6f4eb6aa11c1ca7d1f285c76ba7440ea434b8c9eac7adc5bb42bd5c2d2329103a57288e16c41427b2b068cefb4940cecd8c0c7f06

    • SSDEEP

      24576:RJrzefrwX4O0XGSEBqSE9GMrxzLjWrHIMlrdo7jzTjBHsPFXRad:RwsuGS4W9rRjXQdo7nTj5gFX4d

    Score: 7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Executables/BACKUP1.cmd

    • Size

      621B

    • MD5

      852e6311620a167a9400c3fb41714952

    • SHA1

      eec1c265b036e5b821bc7967b152aefe95c63113

    • SHA256

      8f098e1976d6c843afc7e7b1752b936195280ba81d18abc28067ef7c0275bccc

    • SHA512

      4ed7fbb6557f00eebaba6acd02d82a741287e9333906704879542d82765d72736bdb3eb53ad9d421df0b17ba0adfd9ba7b199a7c32141a9b22eb5e69b93b3baf

    Score: 1/10

    • Target

      Executables/BACKUP2.cmd

    • Size

      619B

    • MD5

      a9eeec6c9d7ed30287de139e4bc11b33

    • SHA1

      de1b5b140b75fe2825f6ff6d47c1403cb84a285c

    • SHA256

      37ca1306be3dad131933ae00649707d7dade254090aa250a8a72329e8a38d19a

    • SHA512

      8ae39e476efbd783d451781feb7429e49fde5422156aa9bede4622b71ad0bb085437c3a3db2ec9bc981e250db35378405a41ef72be3eee01102c619e42d7682e

    Score: 1/10

    • Target

      Executables/CONVERTUSERS.cmd

    • Size

      1KB

    • MD5

      c3d6c5fcf9e5b2d38ffb8f9e4edda61e

    • SHA1

      275ce13f5ec6137acd09567fca3829b4a553d75f

    • SHA256

      dfe4cf6f461658171f5923b7740112aff1130c48189bbbeec1f5d53feb879815

    • SHA512

      9092053297a5b6527f9849381a91a4aec5ed460e9dc8e3fe96412bdc990fa1fe40cb2c3617b4a600482c6e2cc6c1b1da28285c041b90c469d8f597f2c90ed993

    Score: 1/10

    • Target

      Executables/COPYDESKTOP.cmd

    • Size

      272B

    • MD5

      9f363cdcd66c05de634c0680a8b61a4f

    • SHA1

      121f7c9e4de68198d5f13e3f5d17e02eca53fc8b

    • SHA256

      05c7b343b863e81283f95a8c83cebce87798b9b9c8fc99f7771496170a96c0c6

    • SHA512

      a8dcc8c6f4dcfaf7e6a20adae0a50389dceaf72d62c0ab882e8f1fa92338e25d2dd5881e2b6f267b8a64ca5e9263e5c5061555140098d22d3f8c7a8cda311826

    Score: 1/10

    • Target

      Executables/DISABLEPNP.ps1

    • Size

      1KB

    • MD5

      2812612410aabaa1ff1d08c56313f6e6

    • SHA1

      ebb9b57cb28822a1026c0b14028fcf55b653fdd5

    • SHA256

      066bc85aa9739287d92a69decaa1f74ce4112c2d72cf46a7b4a588d97be4cf03

    • SHA512

      fec99aba0eff6410234feaf6ef236e6154456e95e0cb88bc63ed179bc840b98ee2611a9039b1ed14d00fa9b212af501c1df81cc82573e763514d02d6085fafa2

    Score: 1/10

    • Target

      Executables/EDGE.cmd

    • Size

      2KB

    • MD5

      f72816519ebf6d36a20f81757a4e7c84

    • SHA1

      a414269462f5e1336f93d491573ac74c5d0aee42

    • SHA256

      950bb700b28e6fc95131219315658a6edcbef6abf23243f0099f0539ed6f8901

    • SHA512

      936215e7a92a76a8dd4b3c904781760965713e941c27f5c657045c5a959d954b6e0aa4acef20037c15005c40c06a3740823fb679f967872f53d78f6f06b47646

    Score: 1/10

    • Target

      Executables/FINALIZE.cmd

    • Size

      10KB

    • MD5

      65b5ea0e86c52c2919c2cd6f6eb89747

    • SHA1

      1d959f9373947c04904e59c57e7e695ec0878f89

    • SHA256

      8d2fa62bf65c4d77677d10d558fd2fb17afcdf19b9408ceac678746d2b92cedc

    • SHA512

      ca738cd11043c4e6afde9ffb4afda28d1ff56f0dba9359fb5892c2c26153d4444681c4cbafc89ec208ccd866ad58e3cbc1157aca320e69841075afc589bd1e45

    • SSDEEP

      192:pxSeJHItmmxUXvP519sCHSFvVFC7nl4ILoJ77tR0/bF7MlWWgEVVmgOcMEeRtk3v:pxSeJHIK519VyFvMlUIXWpwxrVJMb

    Score: 6/10
    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Executables/MITIGATIONPROMPT.ps1

    • Size

      1KB

    • MD5

      af4de2e912178cccd203fd7b32349d52

    • SHA1

      18416e7f32e2ddf3340759f5f3656232a59e5493

    • SHA256

      e2dc22b28ae89ce1a41b7760061fc4ba9838bede76d6dc5d78626ae3f53abb4e

    • SHA512

      6b5418555b8a6075141c9e1945a2f59ead458a0964f50cb1e26805ce46678dfd8ec65a606d62e327a4d1bfcde21d2b8b13cbdf8798c8b9634767942b078bb969

    Score: 1/10

    • Target

      Executables/ONED.cmd

    • Size

      1KB

    • MD5

      cec711d5a97da76868926c26c9c009ae

    • SHA1

      5e24bf73cb882d92b72b5a9fe9bfd014d334630a

    • SHA256

      1d3873bbddece264a56a6287ce879ee778033f3232978e53cd4868186c78fff5

    • SHA512

      3a5649f52d103a50a48d6ffabdc304d927c468cc5ce512278461f4f41171d59c31d243f34bb368f737ca9baee442ef8def732e315dc19f442323a2cb271589fb

    Score: 1/10

    • Target

      Executables/PFP.cmd

    • Size

      3KB

    • MD5

      1cdee74c0e00beaf339589e39ea3e3c8

    • SHA1

      520e56b6c883e81e8b8609e43a8d65040965ea44

    • SHA256

      c43214ef8d9f781147d1781348b0d071d6385619e73629af097c494d57a9f06a

    • SHA512

      7a891affd1503ed56b88b7dc3638d6805d91724fb2adfb0c539471c931bd5baae8d33774ede5a2c645d90d78695e17c07a478aaf0ec306b19cb414c446c3847a

    Score: 1/10

    • Target

      Executables/POWER.cmd

    • Size

      6KB

    • MD5

      bfbb809dea0ad939fa9af484ba27f6e7

    • SHA1

      189e7b5f5fa10e3722797bd034250674b32c75e4

    • SHA256

      71cedd088351abdc9c230b3bd70a1f991d126ead5e4140b4936c535352ac64d6

    • SHA512

      eea305245079f6790851060edd06a9c465d7b1916fdd42ae2597bef585edf0f78ba66dbc94dd522b6490a72f046b3409b3ed7fc91abada42580af7d124c12d3b

    • SSDEEP

      192:/e+zEifjkzn0ClwyTf5JuT+P8hvLzp83qkOh:GZlnffuSPy

    Score: 1/10

    • Target

      Executables/STARTMENU.cmd

    • Size

      2KB

    • MD5

      c031ff4e95a49ec045951e7719fe3430

    • SHA1

      96dc5c0d9ccf656f5c4097e9e192b5290fe3f1d8

    • SHA256

      b4856939dcc61ec37e5f5b0d37292486b12dbb0171e28fa08bce19d1498032a0

    • SHA512

      d65e0a8b937d60385657c6a34599457a60c5e6134788e8d798ad37e75c36147eca83123b1bfbe020f40482759de1087231fe1cb5ece998372906f94605a45002

    Score: 4/10

    • Target

      Executables/UPDHEALTH.cmd

    • Size

      1KB

    • MD5

      1b241a1abbaa55fee0cd88e7f9995f38

    • SHA1

      37bbf721b8d8c8de79364891ea477a024a561fd3

    • SHA256

      5b91efc5bdb2e642e50ad0c38cea03daeb8717a3905a4b8792ea9e09f13c9200

    • SHA512

      f1a4000784eb459451a97bdb09e118cda3836a597b5b67ba1bc39fc5f7ddb6cbb26cd43e9e2a3be8203aad75f157a53e6ed4c1de3fe6c6505231b64c392c8868

    Score: 1/10

    • Target

      Executables/WALLPAPER.cmd

    • Size

      2KB

    • MD5

      a32722ee00e08c05a3effb3d1215baa9

    • SHA1

      e480cef2dc06d46d5bb18d20c77cbf750a20ac45

    • SHA256

      b98263cea6af6eea2d561c840cf14a1c775ec4e6bedeb975833889c51a9fe591

    • SHA512

      6255ce91f4c1a7c9c325f1e0a0339791ae3ca8891a638def98042da627110524b5c19a1bc66b84121085f211d1162a81f6330e88b0539f5010fda2f0a1a2dd18

    Score: 4/10

    • Target

      Executables/Web/Screen/img100.jpg

    • Size

      1000KB

    • MD5

      56adf4ee298c8cfb89111b93a438811b

    • SHA1

      c2e292c36d3b62da88a769586918598978536650

    • SHA256

      8cc128c998e63dad4ad4f84500afdbbc202e3023ee25ed190b8f7c1a540455ac

    • SHA512

      2ffc6888d46ca7d40fa0e265036de96a9f8f2702ad74a54c81cfb052049d9b92b023138822fc54cb67aee1b1a5ba73d7c13d21b2e1f57e2f21fab73114c38f84

    • SSDEEP

      24576:qNJxdGVE/S+M8XAAkqwksFScVbeGO1cR5JnCHbvzPu2IsFG:qNJxAMc5QwkmScJeDe/abvzVo

    Score: 3/10

    • Target

      Executables/Web/Wallpaper/Windows/atlas-dark.jpg

    • Size

      13KB

    • MD5

      49acb9496816f519565e4df7ce171ad3

    • SHA1

      10e9b5cf85a601a83d5ab8ab2fb34360c6ab23d9

    • SHA256

      dbe9fc67c1c33307c0076ef7ccbfc00246943d78dce913fc460b223223a18f82

    • SHA512

      e10e6c84b04242e2debbfcaf302cd9531a7ffb6c6820db02fda93ec041a53d0965551c6dd9fc77ed3f52b437bb7302737fb8337ca176ddacd0888080c8b9f76a

    • SSDEEP

      48:9/6ppFYUXbnFW/s4A+a9kRDO0fnq+SgV/PNDaVIKljgsjW7T18xg81:9SrSoTJHv9tCSgEjK/Wh

    Score: 3/10

    • Target

      Executables/Web/Wallpaper/Windows/atlas-light.jpg

    • Size

      12KB

    • MD5

      8e1fce7ff8e19657080e4e3444f5998c

    • SHA1

      870e2751d32bed5fd8c329ced9a0c2cc9d12a6bf

    • SHA256

      03fb04e7069a2bf89a5e8a0278344df3f02f1f96ff4d347d810b2940bac9a152

    • SHA512

      7be971303211af87088235c7cc66107905cc6436c039e01413d5368e667c04ed3956448ed4a31677e3ad517cae1e9b9d068201653b4643993b3b295d4b999356

    • SSDEEP

      48:9/6x0aA5DzE9/KDJLxn1AS4Zyey0D/hHZygbsxNWSkFOmUGa/P1RTcPpENv3KD0h:9Sx0a0/D/1j4cey0bba3ezkPnQQ3KYh

    Score: 3/10

    • Target

      playbook.conf

    • Size

      932B

    • MD5

      bd8eddeec69fe2b68aff7212e3a5f871

    • SHA1

      55abc3e8eea9e4efb9e4aca8a9ea06c2ea8c1067

    • SHA256

      8c6d7aec4f388573dffa282be41ba5034e7e2255ee5b6d807c1616fe9fc9b712

    • SHA512

      fb3d6e18be4d01bbbacd2c6f737bf887d0d518633515426f6378fcbc83085fcf365ffe83f7946a9d9ec081e83eee925ff6cd0b6654bb61afbabe92a3b75b94b5

    Score: 1/10
