General

  • Target

    WinSetView-main.zip

  • Size

    1.0MB

  • Sample

    230707-y8zvlabd96

  • MD5

    43ad0882bdd68c17faa10b399666648e

  • SHA1

    b61ab9c82ee6d31ca79576f60da3a970d5c30578

  • SHA256

    63ff7f699ccb77d08b4d31b6c90627cf78c2c269e5ba51d6657d4baeacee7951

  • SHA512

    f6e9106f12a09e9c29fa0df5eae0da5e61165badc8959b423c9dbec355ae7bee7124f74ce381508ea6a799af23853ec255c4e890a1e7eedfe1207012ec961ea0

  • SSDEEP

    12288:D3nr9jlBhvaGUBDKIInkxRmyR8KKi0lfL8355jjQR+7570GcafLxEwEOhchNeLEO:DrVlBYoYFN0VATvQu0YGvc6oIGgY

Score
10/10

Malware Config

Targets

    • Target

      WinSetView-main/AppData/Win10-Example.ini

    • Size

      14KB

    • MD5

      81e145120110f33443c2ad239fd7f337

    • SHA1

      75db790ae7ca9d576b37741ca6ae5885776b66ef

    • SHA256

      b25fc0503069553c75a7e1adc240efd16a6f9087043fbe19bf563a19ab6c8e97

    • SHA512

      d0c6ed4b2a6fcc94eac53d3493a0dd1d3fa32f913ee563d7f2a69bae8cd4d25892a423d1f198efbd04b771996e57e74448425ef94d36f6d16794c75c54fa6b62

    • SSDEEP

      384:mZpZDZGZAZVZNZZZKZuZ8lJlXlvlvdCdWdbvdlshsosA2shP96P9RP9tZWZnUZnI:zg8V2

    Score
    1/10

    • Target

      WinSetView-main/AppData/Win10-Microsoft-Defaults.ini

    • Size

      11KB

    • MD5

      bb90470d36de116bbfd33157e4a1b758

    • SHA1

      ac81a5569210d4e96e016f5b19395ed0e2004377

    • SHA256

      4af0a740351393635185002535757fd671ca016123bab3fab35f05cbe2895e48

    • SHA512

      6de13109661d58d182af1cbc2d52dd75d27e36b1daee8fe3c1a200985306fdb6953abdd14f6e84543d29b799611eabefc22de90c0fd4070f55f6feea93cda879

    • SSDEEP

      192:MNVPyS4VFRbUVoaVuy5ybWytBSaCbDSPSe3vd7vdbrvdIvcVRwVbo6VRChxTYxLF:QVPyvVFRgVoaVuy5yKytBSaCXSPSuF7i

    Score
    1/10

    • Target

      WinSetView-main/AppData/Win10.ini

    • Size

      7KB

    • MD5

      8d19042a42fa997c68a3107e34c21e4c

    • SHA1

      ae7a0ab249d320cb7e12b9669c8f319b5db53929

    • SHA256

      8623aca285db6e56a49867e2901cbff098dedeb988eadf4c6d11231754077ffb

    • SHA512

      6d7c79943d33c6838001b6a39cd9c82cf5528ec52d0f645605871f2f2f9afa11cac32a48c123a408e9c295ddfcdf909f992abf12ca625787bd233ee1bcb60231

    • SSDEEP

      192:mvPBvDvGvbUvo2vNv5vbWvOvjvJvbDvPve3v0vbkvUvRUvRzvboNvRGvyv/evdvl:mvPBvDvGvgvo2vNv5vKvOvjvJvXvPvCV

    Score
    1/10

    • Target

      WinSetView-main/Tools/CaptureCustom.vbs

    • Size

      2KB

    • MD5

      4681c9a5aad5f50d24ebeb1582a0ebe8

    • SHA1

      1efa872cc4c906d2f71c3f0507fd504e52703c3c

    • SHA256

      989daadf9490587be71d934526c86777b3efeafdcc2f0ee3a5941648c2667d27

    • SHA512

      2e5f1a9dff79406e1bc0cc8d245184863d8d7d90c0211bca745eb9a0697f1fc10401fce4e661a14012b7c41c405f002a6e9cfa9567b53bbc040b6f6aed035332

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WinSetView-main/Tools/WinSetBak.cmd

    • Size

      4KB

    • MD5

      050c3a4f7af319080e7757cd4d2e1565

    • SHA1

      981e6aa6f8456b5dea79dae29660907a4205576e

    • SHA256

      bddfcf49982865cd780ae877ef9fd2c7e67b9de653f6ff107709269e8d914cd1

    • SHA512

      9be7b63e48ef977d1769f079d78e88060eea058cdad130dbc590146b2c3a8c09f2f59551641700897c78349ec3207bb1b56bb178a7f6f5cacc586ad28c665d04

    • SSDEEP

      96:MRjT7Oxdvmxyk5ds5GsO1UoUefYpCiqcxUXK9obuRzgVCPBRkBh/:MRzyjgOxUXK9obuRzgVCPnu/

    Score
    1/10

    • Target

      WinSetView-main/Tools/WinSetBak.ps1

    • Size

      5KB

    • MD5

      7bae087bc6adf05b42e7de4f35c4955f

    • SHA1

      04d56b4c19df0f7f5bdd10e3fe585d4fb20ce64c

    • SHA256

      fc42caaa6c9396734fdbbde8b991b758a5f7fff4040e0d7de7483061dca1c627

    • SHA512

      aedd9a318a5900d163124af533a81d71be4b485572d603969de2f0f65b3c45d5b3be35b9c99d66e1ef0b8ec8e26f7343dc97c40ed5257e9f088208db6fd343d1

    • SSDEEP

      96:2s2UKuHUMJQxus+m/7lu9iuvVwAdA5p58lO1KLtqZSQ1mqjVaIeqf0xBL8:2sJSush/7lu9iuWRFRavqL

    Score
    1/10

    • Target

      WinSetView-main/Tools/WinSetView.vbs

    • Size

      820B

    • MD5

      f44e5a1d8d274ce90efee96b5ac4f370

    • SHA1

      ff7f6c35d462bac6c432f5feb2fe02e1c7490406

    • SHA256

      74b40cf1881823b2dce8d9a7cd295443735ff6fb51782b9aa9a97ef7b905ecfd

    • SHA512

      2536626d88c64bc998d34cddaf039603dc1cf11042e01f920983da500506e1b8e468c31b62f38f1464f0e04b5fb531d6fadc14372ca8a0ecb6c345996bdfb009

    Score
    1/10

    • Target

      WinSetView-main/WinSetView.exe

    • Size

      595KB

    • MD5

      1c1d27ef7cf9da94368b292ef041c806

    • SHA1

      00d1059055ae0af9abc3d830ddf7071878bb70aa

    • SHA256

      e513cc14c0077b9b6b0ad84718682ec1caee4aeb6e55ca063eec5fbdc6ea2bf7

    • SHA512

      c50b61e0090f86f6eea5b0f52dfc19ec4800ec2625bd2b2a86a273cf4b1aeeba934ad0b1b4651abb9704b24d2290ab0566656968b89a4ef5c9fe1d686569f0e9

    • SSDEEP

      12288:cydX1iNiv+ESGJ9teoeMKIW/UslACzriP:ccXENiv6GJDeD+SnlfiP

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Modifies Installed Components in the registry

    • Legitimate hosting services abused for malware hosting/C2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WinSetView-main/WinSetView.ps1

    • Size

      18KB

    • MD5

      bb990110e5e561a8703fc6967085c9ed

    • SHA1

      0ddfb599074370286c74dc1ab50fa2873305e06d

    • SHA256

      daf74ad9235867f5e3b4a3c656652596114557846772f6a3cc76ed939b2104b7

    • SHA512

      39dda8bc602c888154260f25ae61651ff7a38ca9fea7dce4da2de001e363beb121825c4d72de9ffcb49c2b00c27e0d0dfc06f17d7e5ee02b2ec088981fb55ac5

    • SSDEEP

      384:NBvxHMU99VdiOo5SBapEjetaPYKbhKk5wSj7SUSrvRfmuOclbjDtfUQ:Pr9VdiOo5SBapEjetaPYKbhKk5VjuRrx

    Score
    1/10
