General
Target: KRNLWRD.rar
Size: 5.5MB
Sample: 230708-ylldpahf49
MD5: 79c6e7a622b2c1379a8144c9d1ddeee2
SHA1: f60e0fd39d41e2d4b0ed9fda16fc8f54e64d2b71
SHA256: 2c21ca7f232beffd48a26b0efb80cbbe93345184f29eee2cf175c73d6822c204
SHA512: 0c5c612929d1668ee7c40e210b0f8520c69f8917f1de8bf19fa932900c56a22ce1336f8dc5b7d410633f26f4157130a2583b3b94f0bc849a49b84decd3ae56a6
SSDEEP: 98304:q1cOn9jxVE/jeMQychzOeGVffeVrkHUucEW18NdBhC7u1r1Cr9aQxUw:qOOdE3qhzXGVHeVr/mAuJ141H

Static task: static1

Behavioral task: behavioral1
Sample: KRNLWRD/Bunifu_UI_v1.5.3.dll
Resource: win10v2004-20230703-en

Behavioral task: behavioral2
Sample: KRNLWRD/ScintillaNET.dll
Resource: win10v2004-20230703-en

Behavioral task: behavioral3
Sample: KRNLWRD/injector.dll
Resource: win10v2004-20230703-en

Behavioral task: behavioral4
Sample: KRNLWRD/krnl.dll
Resource: win10v2004-20230703-en

Behavioral task: behavioral5
Sample: KRNLWRD/krnl.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral6
Sample: KRNLWRD/krnlss.exe.xml
Resource: win10v2004-20230703-en

Malware Config
Targets

Target: KRNLWRD/Bunifu_UI_v1.5.3.dll
Size: 236KB
MD5: 2ecb51ab00c5f340380ecf849291dbcf
SHA1: 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256: f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512: e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
SSDEEP: 6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score: 8/10
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2

Target: KRNLWRD/ScintillaNET.dll
Size: 1.3MB
MD5: 9166536c31f4e725e6befe85e2889a4b
SHA1: f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256: ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512: 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
SSDEEP: 24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score: 1/10

Target: KRNLWRD/injector.dll
Size: 1.2MB
MD5: a1b9c6fdb702f4456a385ee93a1a77eb
SHA1: 283b10148e08fa8bd6d8ec47f8e62c556fb768cc
SHA256: 4cd782cfc5344a942f3f0a61c021122ded48b5e175de76f393419901708c04d4
SHA512: 447ed5b2656fdb225c799270421b9e3459ac44ae7be06a84bd6c67c2304b8076eb562e3d191e8a43190338fa4e67a8b3cf7afd3eb788c707497cb090b98af0ca
SSDEEP: 24576:F4L8ZNLC0RaGGeeh9dWHjQyAToCF+i15b1lpJyIOYCdcb65Jhz+:Fxf89ajQyAToCF+iVJyIHocb65Hz+
Score: 3/10

Target: KRNLWRD/krnl.dll
Size: 3.6MB
MD5: fc60421668db13abf48ba5465e3ab495
SHA1: 6b13d1a54e8b48202e21f67216ca67b7bc4df2d2
SHA256: a03e2456d3464bbfecd36969db85c24d313d6e5fb033861112f477e81373768b
SHA512: 0a1de5cfd2599171036a365cf86ce421215dc7883012080cc65161935e9dc4b6e4a2b6176cf7239755c2fc85c39c0269fea054c0db5906df7b7f36d655a4d9e5
SSDEEP: 49152:hkNojQZIux3HiL0d1iHMb/6ThRaIg1YYy1Oj7HqEawQrrrtBVi0EESW/JedjXwfs:5Xux3qI1isbSThRab1bymaj/LoEV0hy
Score: 3/10

Target: KRNLWRD/krnl.exe
Size: 1.5MB
MD5: b4d30c9b8d8285090d6a23f86c9d418e
SHA1: ec0749a7d4d0fe5ebcb6fe732a839c13f02bb4f8
SHA256: 16a708453fef15c6949ef6278020b9df440bb5e93d2b644dacc37729f3e6c09f
SHA512: 9e38805aedc2276e7fe457cb9b2f7d5432ea69049bfc1876969f072e6c73e067808072f74b9e3d97f4567ec7611e464500b229a08dd8c1737bb5ead60598cbd4
SSDEEP: 12288:anWI3rG06x7+G70EE/0GGGGGGhGGGGxdoM43nwVkokblUI:anWuC0AC4ysGGGGGGhGGGGx1VpsL
Score: 3/10

Target: KRNLWRD/krnlss.exe.config
Size: 202B
MD5: 0ed4b3831ff5e91dff636145f68aac4c
SHA1: 2d1140812945dc1b9e400a88c911803639cb2e49
SHA256: 03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
SHA512: 4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c
Score: 1/10