Overview
overview: Score 9/10
Static
static: Score 3/10
Origin.zip (windows7-x64): Score 1/10
Origin.zip (windows10-2004-x64): Score 1/10
Origin/Origin.exe (windows7-x64): Score 6/10
Origin/Origin.exe (windows10-2004-x64): Score 6/10
Origin/autoexec.lnk (windows7-x64): Score 3/10
Origin/autoexec.lnk (windows10-2004-x64): Score 3/10
Origin/aworkspace.lnk (windows7-x64): Score 3/10
Origin/aworkspace.lnk (windows10-2004-x64): Score 3/10
Origin/bin...LL.dll (windows7-x64): Score 9/10
Origin/bin...LL.dll (windows10-2004-x64): Score 9/10
Origin/bin/theme.json (windows7-x64): Score 3/10
Origin/bin/theme.json (windows10-2004-x64): Score 3/10
Origin/bin/ver.txt (windows7-x64): Score 1/10
Origin/bin/ver.txt (windows10-2004-x64): Score 1/10

Resubmissions
20/09/2023, 02:12: 230920-cnbflsff36, Score 9/10

General
Target: Origin.zip
Size: 11.6MB
Sample: 230920-cnbflsff36
MD5: 69bce8b13470c41286755e5c1495af17
SHA1: 24f3be232b750778c7709e178dfe652b12585fce
SHA256: 44cffe3cf0d9c21377e9aa11635f2fe3d867b6335c4470f0050c469195a782d1
SHA512: a2a01ab7b61e92b45dc63f08df86e35ca93226f0f4b8b4878d1bd21a128c7a5af29675fffbd3a17ead3c1f0e0ea2367554b9f6b38a78a23c98246b69d10ecd4b
SSDEEP: 196608:AYZ5wYcTEYpPeNmxyqWXo7hQsqeoRU7xXCPggZGrIo3lJrPfL6g6RKZOjR9uJfAe:UnEKP8CyqSoNUe6sxXCPPZGr/lJrPfLh

Static task: static1
Behavioral task: behavioral1, Sample: Origin.zip, Resource: win7-20230831-en
Behavioral task: behavioral2, Sample: Origin.zip, Resource: win10v2004-20230915-en
Behavioral task: behavioral3, Sample: Origin/Origin.exe, Resource: win7-20230831-en
Behavioral task: behavioral4, Sample: Origin/Origin.exe, Resource: win10v2004-20230915-en
Behavioral task: behavioral5, Sample: Origin/autoexec.lnk, Resource: win7-20230831-en
Behavioral task: behavioral6, Sample: Origin/autoexec.lnk, Resource: win10v2004-20230915-en
Behavioral task: behavioral7, Sample: Origin/aworkspace.lnk, Resource: win7-20230831-en
Behavioral task: behavioral8, Sample: Origin/aworkspace.lnk, Resource: win10v2004-20230915-en
Behavioral task: behavioral9, Sample: Origin/bin/OriginDLL.dll, Resource: win7-20230831-en
Behavioral task: behavioral10, Sample: Origin/bin/OriginDLL.dll, Resource: win10v2004-20230915-en
Behavioral task: behavioral11, Sample: Origin/bin/theme.json, Resource: win7-20230831-en
Behavioral task: behavioral12, Sample: Origin/bin/theme.json, Resource: win10v2004-20230915-en
Behavioral task: behavioral13, Sample: Origin/bin/ver.txt, Resource: win7-20230831-en
Behavioral task: behavioral14, Sample: Origin/bin/ver.txt, Resource: win10v2004-20230915-en

Malware Config
Targets

Target: Origin.zip
Score: 1/10

Target: Origin/Origin.exe
Size: 2.2MB
MD5: 106c6437e141c3ce50ccb6bab796e898
SHA1: 07c06b243e2ebbd18e9e978b1a1c466ad373e64d
SHA256: 02316eeb6cd43c45a63c9f0fcd43d2cc501a66bb75677ccbd57cb5da9fb78c3b
SHA512: 2dff135be0efc19f96990d73755fa8a7c0cd64235489ed1d2743897eb929cd18f3e52535657232f03cc8d955b2fc1b5f0400825e942b019e13e2b2e5016001d9
SSDEEP: 49152:MB+Kc09fBm9Xyuc/hAhQDl6fR3V2BTzIJa6:MB1JPm9eAhml6ZEBo
Score: 6/10
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: Origin/autoexec.lnk
Size: 1KB
MD5: c1648c6cdd49758d614bb0ca0da45c81
SHA1: ecd045dabc0caa0d5f1549ddb8811946751d66c4
SHA256: 19fea48784cc1b8f4acce0f9897665c241dd9be358fe5eea3e92d667612e78a0
SHA512: 66828ef4ed423cfd9c666067403dcc586d8b5cb49fb049d5a6a03b2e94558b40e17d97bb240d012c8e4528046195c1ae77e62e7a8d29a9ae3fc1f51ab5f18566
Score: 3/10

Target: Origin/aworkspace.lnk
Size: 1KB
MD5: fe67c7dcfee997a379a81fcdb7fc13d8
SHA1: 9260b4dea75141fb19fa64ea9f5c8febe9c127ce
SHA256: 9de92e7f51daa5df1a1d29d1773ecc74ce7c8b6bc9816335d0b6256a0288e0cb
SHA512: 85e4dbf842d3a4de09fcef48e03245cc2d3221feac64855bfac4e6033c429bb45dc9e4dc9e91fb92032e00e31fc791e752adc0ab0fb5514d490c1830bbf57778
Score: 3/10

Target: Origin/bin/OriginDLL.dll
Size: 9.6MB
MD5: 77a1baf6f2f536ddd861bc7b8840e6e3
SHA1: df4af5e36c2ff61238cdf691c8e62d2af5f460c4
SHA256: afbff748a176dff968ced4bee463e429c8f21fbdbd859af6c35b2a16cc91282a
SHA512: d23bd95359389e08c945f7408901413107f5733dbb02a66f10af3207cc7fc8ecb5a813be53cb5f6163a8e50c0e38e9b4693993738312eee49bd39d91d76a2d5d
SSDEEP: 196608:MJQR+brmA5Vs7IryoBVrdaOdPQl5Q5o79fXdFJNBWmQOrCZSgr1NIRKLFru6335:Vgfm8VQcyo/jQl5QEPdTDQO+ZLrH/E65
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Origin/bin/theme.json
Size: 538B
MD5: f47ea4c889e87a0f39493f04037ca795
SHA1: 2d5ff24cbff1d8e3ba8c318ab320b5ab989fa017
SHA256: 059c3d3eae1ffbc9d5dbd90ebdab85684d0679025324e84a319927b9dbeb1846
SHA512: 63957f8f96c6db0f2a9006462f35bd54313422cc8d09a74455fa9425e275a4c91248d2dd679da0f2f112696792d116c5f48c7c6f59f6e165d5b4150950a5a1f6
Score: 3/10

Target: Origin/bin/ver.txt
Size: 5B
MD5: 2229873b3f1ffd4c6a34a0203cf9f204
SHA1: 60fd2aa5eb4c80303a8d014e634cb74994830e13
SHA256: 98e2362a1e7a90fcbea80d45799f6e3ac02df174d1b1e59e227099a51003c895
SHA512: 98657d4f2a02c94303c7959cfb5ffe87e978c83dfd89523ac45d6ec787281c02bcf0ace6d4ff7f8fcc95bf99a6a555a2ad46bad4549a5f8908e2f56a4809b17b
Score: 1/10