General
Target: KMS_Pico_Full_Setup.zip
Size: 5.8MB
Sample: 230518-vxll2sdb62
MD5: 55dcba3a2637da79ca9180eb2cbdd058
SHA1: 8c445ebd0bdc8eb148c975781afcb3c696587736
SHA256: abcd458d20f7a902794b58d130de3dc4036a44f2eab26a53c5bb04b15afc6903
SHA512: 16bb79d694cab4d9387641b9dbcf178ee33045b4a6f337382ebbce34341a92bfcca99fa9e15f448677db85f974995463cde3cb2facfba88e5a709b2d93b66993
SSDEEP: 98304:OWEQUJXXm/g9e6AI46ZLhRFtZybLTlc2Y9Yn870K/WqFe7wfiv3aALQ6tZ62Aew:OWE9XXmIJAI4Q2l5Y9YLwFeWaZrP62Aj
Static task: static1
Behavioral task behavioral1: Sample KMS_Pico_Full_Setup.zip, Resource win7-20230220-es
Behavioral task behavioral2: Sample KMS_Pico_Full_Setup.zip, Resource win10v2004-20230220-es
Behavioral task behavioral3: Sample Password.txt, Resource win7-20230220-es
Behavioral task behavioral4: Sample Password.txt, Resource win10v2004-20230220-es
Behavioral task behavioral5: Sample Setup_File_KMS_Pico.exe, Resource win7-20230220-es
Behavioral task behavioral6: Sample Setup_File_KMS_Pico.exe, Resource win10v2004-20230220-es
Malware Config
Extracted: cryptbot
http://yawfyx24.top/gate.php
Targets
Target: KMS_Pico_Full_Setup.zip
Size: 5.8MB
MD5: 55dcba3a2637da79ca9180eb2cbdd058
SHA1: 8c445ebd0bdc8eb148c975781afcb3c696587736
SHA256: abcd458d20f7a902794b58d130de3dc4036a44f2eab26a53c5bb04b15afc6903
SHA512: 16bb79d694cab4d9387641b9dbcf178ee33045b4a6f337382ebbce34341a92bfcca99fa9e15f448677db85f974995463cde3cb2facfba88e5a709b2d93b66993
SSDEEP: 98304:OWEQUJXXm/g9e6AI46ZLhRFtZybLTlc2Y9Yn870K/WqFe7wfiv3aALQ6tZ62Aew:OWE9XXmIJAI4Q2l5Y9YLwFeWaZrP62Aj
Score: 1/10
Target: Password.txt
Size: 18B
MD5: c44669219a77bcb6e04ccc9a7dc8905b
SHA1: cc10be56e2a5415ed3ed286734bee8f0741d92bd
SHA256: 8406e6d1a644f797995907ec0a18d8104d1e8c5ffac8f4f874c11e5d92aff969
SHA512: 2ea589c6612eaae6fdc3613df8438df4df92c76e39ba527f07477635d8e86ad4d473c941b77cadd3195cba4296ed3eb5d1f57c5b100279617b6a3399d880fbe2
Score: 1/10
Target: Setup_File_KMS_Pico.exe
Size: 5.9MB
MD5: c2b81d548b4dd613a4ff3f3c05ea6716
SHA1: 3a0fce6c9030d95bd4d825a0e5eb9bdd7d442c75
SHA256: 057c4de6f0478c0abfa1f6ceb87be4381e1ac2a6ab5ab0bc0bfbf8e18de40cfe
SHA512: beccbc9105da411667b83f7028df90ecd17e9d494f0535df4635cdc31b8a83e0c74b18d54223308d37095583683318ae548cb37a54f9a634a37e6d61d125b3e0
SSDEEP: 98304:5bQqRZbDm1gvsKm4U65d3JfHJ8bdvlC+chgnCN0g7YqBw/qfipVQMDkGhRCogKP:5BbDmuHm4U+Ml7chgVUBw4ELbHCogKP
Signatures:
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.