Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

--点我安装--.exe

windows7-x64

8

--点我安装--.exe

windows10-2004-x64

8

eAPI.dll

windows7-x64

1

eAPI.dll

windows10-2004-x64

1

krnln.dll

windows7-x64

1

krnln.dll

windows10-2004-x64

1

mp3.dll

windows7-x64

1

mp3.dll

windows10-2004-x64

3

shell.dll

windows7-x64

1

shell.dll

windows10-2004-x64

1

sock.dll

windows7-x64

1

sock.dll

windows10-2004-x64

1

spec.dll

windows7-x64

1

spec.dll

windows10-2004-x64

1

问题点�...PI.dll

windows7-x64

1

问题点�...PI.dll

windows10-2004-x64

1

问题点�...ln.dll

windows7-x64

1

问题点�...ln.dll

windows10-2004-x64

1

问题点�...p3.dll

windows7-x64

1

问题点�...p3.dll

windows10-2004-x64

3

问题点�...��.exe

windows7-x64

1

问题点�...��.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d7328efeb259c12686d5797c9abcf0fad794ca7b9361f0517027c71b58b42347

  • Size

    3.2MB

  • Sample

    230806-c2bzasff39

  • MD5

    8819a68559aaa780bbbaaedc063e5e14

  • SHA1

    36952e28bd3ca50b609cdd418098a6222603d331

  • SHA256

    d7328efeb259c12686d5797c9abcf0fad794ca7b9361f0517027c71b58b42347

  • SHA512

    9f07292044b4bb88e3b3ab9a2a29054b7a6e2ab674e0d02c8406f794f7e7b8de81bb24c05987a90f79123f68cfd36fbab59f805e76407c0bf72444f743a3c7cf

  • SSDEEP

    98304:nGbCcmDMi0LcGbCcmDMieov236XRG9O3LKrjBEopes4:nG1wMi0LcG1wMivv236hG9QLKraoEs4

Score
8/10
evasionransomware

Malware Config

Targets

    • Target

      --点我安装--.exe

    • Size

      2.5MB

    • MD5

      bfee567e1324a2398e6701300336a58a

    • SHA1

      7a6c12a1d7df9828e7d43e610c34ec8a3dbae0e0

    • SHA256

      e396b71edd7c534085151494e5fe185921c12212ac43d7ae1db39f7a7a9f77b9

    • SHA512

      019ed96e1986867f7de6f9520bbc56b32347065613ff4e7f5337c79f888d2ffd0ace1890bedf771f9b576c80749cf195a200928a93aa63fa3764d835bf4c46e2

    • SSDEEP

      49152:Megwd60SregclSHbVdGNJzHBoIyxkYJm/QxKE:Mbwd6Pre2HZdGNFBoIRYyfE

    Score
    8/10
    evasionransomware

    • Disables Task Manager via registry modification

      evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

    • Target

      eAPI.fne

    • Size

      308KB

    • MD5

      7c1ff88991f5eafab82b1beaefc33a42

    • SHA1

      5ea338434c4c070aaf4e4e3952b4b08b551267bc

    • SHA256

      53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731

    • SHA512

      310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48

    • SSDEEP

      6144:yE+ULyjYsLavN8JFhOyccPT8oV2wQfRayWjG:yoWRVXUyhIoIwQ4VG

    Score
    1/10
    behavioral3behavioral4

    • Target

      krnln.fnr

    • Size

      1.2MB

    • MD5

      a6a397b67ebac717e7ec095bf9b597ee

    • SHA1

      80c7459654f3564c0cb74a47398d48e0f02cb82f

    • SHA256

      847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    • SHA512

      0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    • SSDEEP

      24576:ZlR7H/LiuGfd8X6dlmg8UHDLC2aS6Vixyfr6CcwwWB5XT:hbm/Kwmgtxkix/CcwwWTT

    Score
    1/10
    behavioral5behavioral6

    • Target

      mp3.run

    • Size

      184KB

    • MD5

      4ea6c6b972965aa0a0f11515ec46ec0c

    • SHA1

      114f24efb002d64b93357c718167ba018a00b579

    • SHA256

      58e5d6246a0555c2afeeac51ae12ecda459f377e87b92cb4d7a0ddc055abbbca

    • SHA512

      3d62dd4101c9211e21f049655a058f093a27f495f9a1cd1095ecbb50e3c75bffd26d1df7b921b1dedbc29bddd6381a720c7e66f377588b5f39b140bed8d4e4a2

    • SSDEEP

      3072:XC7rDdCjvp+2YHLwaJ0Kq0o0PC+53fDIwryoCjD7CHNPBlBIiArBaKw4N7ksVe6i:J+9fGoi/biAea7ksVsUm3WgndlAU

    Score
    3/10
    behavioral7behavioral8

    • Target

      shell.fne

    • Size

      60KB

    • MD5

      98174c8c2995000efbda01e1b86a1d4d

    • SHA1

      7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    • SHA256

      90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    • SHA512

      a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    • SSDEEP

      768:eeZWaAKT41c1IYc8HBbrYNYVw2Fj9oNIqF42eofVU:eBKT4fkrymV7oNIqC8f6

    Score
    1/10
    behavioral10behavioral9

    • Target

      sock.fne

    • Size

      40KB

    • MD5

      71f62c3fa63521b90bcec93d988eea7d

    • SHA1

      9abf04048357b03481b40d8aeb4fbc995f6c5c28

    • SHA256

      dc64aefb6fbb939a8da4dd37ef8eb9ae324285546347bc1a130d73a6f60ac55d

    • SHA512

      8d31026777e6a94d179045650dc283be0c31dbed9c512ff1318316b190ae9806293d31939ca348639b41d07eaf2723281740071a941737484c2dc7cce8b4d94f

    • SSDEEP

      768:NciLzYKk9V8ak8E9eT/5jziXkzfTo96oth:SKk78aI9eTRzKkfot

    Score
    1/10
    behavioral11behavioral12

    • Target

      spec.fne

    • Size

      72KB

    • MD5

      bd6eef5ea9a52a412a8f57490d8bd8e4

    • SHA1

      ab61ad7f66c5f6dfb8d28eba1833591469951870

    • SHA256

      0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

    • SHA512

      1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

    • SSDEEP

      768:zFYJh2NrjSv4ol1WAHcTtEWC9Vm0yws7oP8NiB9EhyTWV/h2nokCqytGSgtvag/:zrrev4olRHcTtD0y7o0YUKokC7Idp

    Score
    1/10
    behavioral13behavioral14

    • Target

      问题点我/恢复/eAPI.fne

    • Size

      308KB

    • MD5

      7c1ff88991f5eafab82b1beaefc33a42

    • SHA1

      5ea338434c4c070aaf4e4e3952b4b08b551267bc

    • SHA256

      53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731

    • SHA512

      310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48

    • SSDEEP

      6144:yE+ULyjYsLavN8JFhOyccPT8oV2wQfRayWjG:yoWRVXUyhIoIwQ4VG

    Score
    1/10
    behavioral15behavioral16

    • Target

      问题点我/恢复/krnln.fnr

    • Size

      1.2MB

    • MD5

      a6a397b67ebac717e7ec095bf9b597ee

    • SHA1

      80c7459654f3564c0cb74a47398d48e0f02cb82f

    • SHA256

      847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    • SHA512

      0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    • SSDEEP

      24576:ZlR7H/LiuGfd8X6dlmg8UHDLC2aS6Vixyfr6CcwwWB5XT:hbm/Kwmgtxkix/CcwwWTT

    Score
    1/10
    behavioral17behavioral18

    • Target

      问题点我/恢复/mp3.run

    • Size

      184KB

    • MD5

      4ea6c6b972965aa0a0f11515ec46ec0c

    • SHA1

      114f24efb002d64b93357c718167ba018a00b579

    • SHA256

      58e5d6246a0555c2afeeac51ae12ecda459f377e87b92cb4d7a0ddc055abbbca

    • SHA512

      3d62dd4101c9211e21f049655a058f093a27f495f9a1cd1095ecbb50e3c75bffd26d1df7b921b1dedbc29bddd6381a720c7e66f377588b5f39b140bed8d4e4a2

    • SSDEEP

      3072:XC7rDdCjvp+2YHLwaJ0Kq0o0PC+53fDIwryoCjD7CHNPBlBIiArBaKw4N7ksVe6i:J+9fGoi/biAea7ksVsUm3WgndlAU

    Score
    3/10
    behavioral19behavioral20

    • Target

      问题点我/恢复/恢复.exe

    • Size

      9KB

    • MD5

      eebe28f65bcf1dbaf357d32ffb004632

    • SHA1

      257e4f71ae3d64e2491d0447fa7bdf0b31064290

    • SHA256

      f156943d58b7d47bc80013a4acaa5cd337f40f4cbeae03482de70a137d918ba3

    • SHA512

      98ca79bdc04ba5415aea8cf7669d87ec34f7de810d647db5fa6a893094bbca731dc123c301caa45710b7edb918ec5ebb555b3bf6d52d458acd1dde1c9ae2bd64

    • SSDEEP

      96:2ceikEpNe1XfYYKYFl22BvwLmiEFUkputsW848etw2:26kEChvKqSmiEFputsM

    Score
    1/10
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks