Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

check.bat

windows7-x64

8

check.bat

windows10-2004-x64

8

install.bat

windows7-x64

8

install.bat

windows10-2004-x64

8

xmlprov.dll

windows7-x64

3

xmlprov.dll

windows10-2004-x64

3

xwtpui.dll

windows7-x64

1

xwtpui.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05880799.exe

  • Size

    2.1MB

  • Sample

    230611-nhqh5aha55

  • MD5

    32a60c3697e5d59e0cb83b9d829f256d

  • SHA1

    ea02453f526ff78604f422c02523f1d8c901fd8a

  • SHA256

    10109e69d1fb2fe8f801c3588f829e020f1f29c4638fad5394c1033bc298fd3f

  • SHA512

    f390d5c81fd3d5de054b335acc65422ff328828cb8c6dfefe4138b525112cc79f83594905dc0fd27f5d4f4c3bf8f63d754486f84c9543c2283121883c89ac486

  • SSDEEP

    49152:on4MO1HBv1i0O+hxS5dFySZe0qyKtEH20g/YOE:oaBBv1imhxS5XwEWS

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      check.bat

    • Size

      293B

    • MD5

      b3f76f60fe8737a2bd098120c7495ff1

    • SHA1

      4cd59826e2718d4e8728fc4b46f3b35fd8ee7958

    • SHA256

      a7d5f7a14e36920413e743932f26e624573bbb0f431c594fb71d87a252c8d90d

    • SHA512

      18422e43876d2ab81f74df50be6087b18233197cd5826f7dfbca1bf0f290d238fc440c93bbb3548867c58794286d96d6a5ce7f9e53a2d6a14cb49c72089581c9

    Score
    8/10
    evasionpersistence

    • Creates new service(s)

      persistence

    • Sets DLL path for service in the registry

      persistence

    • Stops running service(s)

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      install.bat

    • Size

      1KB

    • MD5

      598217191b9283f95a025fc454b7a4f9

    • SHA1

      65c5bafccea1a60eb5efb1fbc976333b6dddbd1f

    • SHA256

      4876a41ca8919c4ff58ffb4b4df54202d82804fd85d0010669c7cb4f369c12c3

    • SHA512

      100eeaaa2a3d2cc83f9a76adc5ac81d6284b321dbbb89481d5db06e5cd24ff6de03b6cdade7833e66c976bd597019763f7e230072bf5224bb687e36067f3fb45

    Score
    8/10
    evasionpersistence

    • Creates new service(s)

      persistence

    • Sets DLL path for service in the registry

      persistence

    • Stops running service(s)

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      xmlprov.dll

    • Size

      2.6MB

    • MD5

      b693e3d2f2cab550ad4f8c5722776498

    • SHA1

      6dc93db10d46cf777f9928803157dd16dc097e79

    • SHA256

      f702dfddbc5b4f1d5a5a9db0a2c013900d30515e69a09420a7c3f6eaac901b12

    • SHA512

      d5c02150265ab6d5d2d6a6e39514b345f6108afaecfd0d8e196b0b99d6d1af36245eb12e8a6879f16b619ba89f8eec442c394eff5f6298d1534c9f0084d63f18

    • SSDEEP

      49152:xL+qLntVtOg3gJjW4UeJiGew5o/ylRbUlo60bNBUDXVFhIECIpuXo+kY8ss:tHnsg3gZHUeANwl6SuF+SFss

    Score
    3/10
    behavioral5behavioral6

    • Target

      xwtpui.dll

    • Size

      46KB

    • MD5

      a51912c138ae264b61c6edb492c355a6

    • SHA1

      dcbc54031bcae59d583269d5f0a0d1145c8378ef

    • SHA256

      062aa6a968090cf6fd98e1ac8612dd4985bf9b29e13d60eba8f24e5a706f8311

    • SHA512

      464929224e78f4d7f316e8f178d43c513f49b8d6c65221958a5e80b420bc21f8a0677047667b34e498c8b71b920ca04568381a2e3d117cfa48da761b389ca59d

    • SSDEEP

      768:Iywffh38GsCIITQBiGyplDhCTnpvdjTzbFhh4XjkDAezKBONNc1o59QQQQQQQQfn:IFfeGseTQ2lCThdjfZvOdBTo59QQQQQW

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v6

Tasks