General

  • Target

    KRNLWRD.rar

  • Size

    5.5MB

  • Sample

    230708-ylldpahf49

  • MD5

    79c6e7a622b2c1379a8144c9d1ddeee2

  • SHA1

    f60e0fd39d41e2d4b0ed9fda16fc8f54e64d2b71

  • SHA256

    2c21ca7f232beffd48a26b0efb80cbbe93345184f29eee2cf175c73d6822c204

  • SHA512

    0c5c612929d1668ee7c40e210b0f8520c69f8917f1de8bf19fa932900c56a22ce1336f8dc5b7d410633f26f4157130a2583b3b94f0bc849a49b84decd3ae56a6

  • SSDEEP

    98304:q1cOn9jxVE/jeMQychzOeGVffeVrkHUucEW18NdBhC7u1r1Cr9aQxUw:qOOdE3qhzXGVHeVr/mAuJ141H

Score
8/10

Targets

    • Target

      KRNLWRD/Bunifu_UI_v1.5.3.dll

    • Size

      236KB

    • MD5

      2ecb51ab00c5f340380ecf849291dbcf

    • SHA1

      1a4dffbce2a4ce65495ed79eab42a4da3b660931

    • SHA256

      f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

    • SHA512

      e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

    • SSDEEP

      6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

    Score
    8/10

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      KRNLWRD/ScintillaNET.dll

    • Size

      1.3MB

    • MD5

      9166536c31f4e725e6befe85e2889a4b

    • SHA1

      f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

    • SHA256

      ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

    • SHA512

      113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

    • SSDEEP

      24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC

    Score
    1/10

    • Target

      KRNLWRD/injector.dll

    • Size

      1.2MB

    • MD5

      a1b9c6fdb702f4456a385ee93a1a77eb

    • SHA1

      283b10148e08fa8bd6d8ec47f8e62c556fb768cc

    • SHA256

      4cd782cfc5344a942f3f0a61c021122ded48b5e175de76f393419901708c04d4

    • SHA512

      447ed5b2656fdb225c799270421b9e3459ac44ae7be06a84bd6c67c2304b8076eb562e3d191e8a43190338fa4e67a8b3cf7afd3eb788c707497cb090b98af0ca

    • SSDEEP

      24576:F4L8ZNLC0RaGGeeh9dWHjQyAToCF+i15b1lpJyIOYCdcb65Jhz+:Fxf89ajQyAToCF+iVJyIHocb65Hz+

    Score
    3/10

    • Target

      KRNLWRD/krnl.dll

    • Size

      3.6MB

    • MD5

      fc60421668db13abf48ba5465e3ab495

    • SHA1

      6b13d1a54e8b48202e21f67216ca67b7bc4df2d2

    • SHA256

      a03e2456d3464bbfecd36969db85c24d313d6e5fb033861112f477e81373768b

    • SHA512

      0a1de5cfd2599171036a365cf86ce421215dc7883012080cc65161935e9dc4b6e4a2b6176cf7239755c2fc85c39c0269fea054c0db5906df7b7f36d655a4d9e5

    • SSDEEP

      49152:hkNojQZIux3HiL0d1iHMb/6ThRaIg1YYy1Oj7HqEawQrrrtBVi0EESW/JedjXwfs:5Xux3qI1isbSThRab1bymaj/LoEV0hy

    Score
    3/10

    • Target

      KRNLWRD/krnl.exe

    • Size

      1.5MB

    • MD5

      b4d30c9b8d8285090d6a23f86c9d418e

    • SHA1

      ec0749a7d4d0fe5ebcb6fe732a839c13f02bb4f8

    • SHA256

      16a708453fef15c6949ef6278020b9df440bb5e93d2b644dacc37729f3e6c09f

    • SHA512

      9e38805aedc2276e7fe457cb9b2f7d5432ea69049bfc1876969f072e6c73e067808072f74b9e3d97f4567ec7611e464500b229a08dd8c1737bb5ead60598cbd4

    • SSDEEP

      12288:anWI3rG06x7+G70EE/0GGGGGGhGGGGxdoM43nwVkokblUI:anWuC0AC4ysGGGGGGhGGGGx1VpsL

    Score
    3/10

    • Target

      KRNLWRD/krnlss.exe.config

    • Size

      202B

    • MD5

      0ed4b3831ff5e91dff636145f68aac4c

    • SHA1

      2d1140812945dc1b9e400a88c911803639cb2e49

    • SHA256

      03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

    • SHA512

      4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

    Score
    1/10
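The "Checks installed software on the system" signature above fires when a process reads entries under the registry Uninstall key. As an added example (it is not part of the Triage report and not code from the sample), the following Python script applies the same logic to a Procmon-style registry trace: it aggregates Uninstall-key opens, enumerations and value reads per process and flags processes that walk the key rather than look up a single product. The trace is constructed sample data; the process names, PIDs, product subkeys and the `min_entries` threshold are assumptions made for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Matches the per-machine Uninstall key in the native or WOW6432Node view.
# Group 1 is the product subkey, group 2 the value name read under it.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall"
    r"(?:\\([^\\]+))?(?:\\([^\\]+))?$",
    re.IGNORECASE,
)

# Constructed Procmon-style CSV export (sample data, not from the report):
# one sandboxed process walks the Uninstall key; two system processes touch a
# nearby key or a single entry as background noise.
SAMPLE_TRACE = """Process Name,PID,Operation,Path,Result
sample.exe,4120,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS
sample.exe,4120,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS
sample.exe,4120,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip,SUCCESS
sample.exe,4120,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName,SUCCESS
sample.exe,4120,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayVersion,SUCCESS
sample.exe,4120,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Wireshark,SUCCESS
sample.exe,4120,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Wireshark\\DisplayName,SUCCESS
sample.exe,4120,RegOpenKey,HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VMware Tools,SUCCESS
sample.exe,4120,RegQueryValue,HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VMware Tools\\DisplayName,SUCCESS
explorer.exe,1188,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,SUCCESS
svchost.exe,900,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\KB5000001\\DisplayName,NAME NOT FOUND
"""


def find_uninstall_enumeration(trace_csv, min_entries=3):
    """Aggregate Uninstall-key activity per (process, pid) and return the ones that
    look like software enumeration: the parent key was enumerated with RegEnumKey,
    or at least `min_entries` distinct product subkeys were opened or queried.
    A single lookup of one product (e.g. a component checking for one patch)
    stays below the threshold and is not reported."""
    per_proc = defaultdict(
        lambda: {"enumerated_parent": False, "subkeys": set(), "values": set()}
    )
    for row in csv.DictReader(io.StringIO(trace_csv)):
        if not row["Operation"].startswith("Reg"):
            continue  # only registry operations matter here
        m = UNINSTALL_KEY.search(row["Path"])
        if not m:
            continue
        entry = per_proc[(row["Process Name"], int(row["PID"]))]
        subkey, value = m.group(1), m.group(2)
        if subkey is None:
            # Access to the Uninstall key itself; RegEnumKey means it is being walked.
            if row["Operation"] == "RegEnumKey":
                entry["enumerated_parent"] = True
            continue
        entry["subkeys"].add(subkey)
        if value:
            entry["values"].add(value)

    hits = {}
    for proc, entry in per_proc.items():
        if entry["enumerated_parent"] or len(entry["subkeys"]) >= min_entries:
            hits[proc] = {
                "enumerated_parent": entry["enumerated_parent"],
                "subkeys": sorted(entry["subkeys"]),
                "values": sorted(entry["values"]),
            }
    return hits


if __name__ == "__main__":
    for (name, pid), info in find_uninstall_enumeration(SAMPLE_TRACE).items():
        print(
            f"{name} (PID {pid}) enumerated installed software: "
            f"{', '.join(info['subkeys'])}; values read: {', '.join(info['values'])}"
        )
```

The `min_entries` threshold is what keeps the signature from firing on benign one-off lookups such as an updater checking whether a single product is installed; lowering it to 1 makes the svchost.exe line in the constructed trace a hit as well, which shows why a sandbox signature of this kind needs a volume or enumeration condition rather than a bare path match.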
