Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

Origin.zip

windows7-x64

1

Origin.zip

windows10-2004-x64

1

Origin/Origin.exe

windows7-x64

6

Origin/Origin.exe

windows10-2004-x64

6

Origin/autoexec.lnk

windows7-x64

3

Origin/autoexec.lnk

windows10-2004-x64

3

Origin/aworkspace.lnk

windows7-x64

3

Origin/aworkspace.lnk

windows10-2004-x64

3

Origin/bin...LL.dll

windows7-x64

9

Origin/bin...LL.dll

windows10-2004-x64

9

Origin/bin/theme.json

windows7-x64

3

Origin/bin/theme.json

windows10-2004-x64

3

Origin/bin/ver.txt

windows7-x64

1

Origin/bin/ver.txt

windows10-2004-x64

1

Resubmissions

20/09/2023, 02:12

230920-cnbflsff36 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Origin.zip

  • Size

    11.6MB

  • Sample

    230920-cnbflsff36

  • MD5

    69bce8b13470c41286755e5c1495af17

  • SHA1

    24f3be232b750778c7709e178dfe652b12585fce

  • SHA256

    44cffe3cf0d9c21377e9aa11635f2fe3d867b6335c4470f0050c469195a782d1

  • SHA512

    a2a01ab7b61e92b45dc63f08df86e35ca93226f0f4b8b4878d1bd21a128c7a5af29675fffbd3a17ead3c1f0e0ea2367554b9f6b38a78a23c98246b69d10ecd4b

  • SSDEEP

    196608:AYZ5wYcTEYpPeNmxyqWXo7hQsqeoRU7xXCPggZGrIo3lJrPfL6g6RKZOjR9uJfAe:UnEKP8CyqSoNUe6sxXCPPZGr/lJrPfLh

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      Origin.zip

    • Size

      11.6MB

    • MD5

      69bce8b13470c41286755e5c1495af17

    • SHA1

      24f3be232b750778c7709e178dfe652b12585fce

    • SHA256

      44cffe3cf0d9c21377e9aa11635f2fe3d867b6335c4470f0050c469195a782d1

    • SHA512

      a2a01ab7b61e92b45dc63f08df86e35ca93226f0f4b8b4878d1bd21a128c7a5af29675fffbd3a17ead3c1f0e0ea2367554b9f6b38a78a23c98246b69d10ecd4b

    • SSDEEP

      196608:AYZ5wYcTEYpPeNmxyqWXo7hQsqeoRU7xXCPggZGrIo3lJrPfL6g6RKZOjR9uJfAe:UnEKP8CyqSoNUe6sxXCPPZGr/lJrPfLh

    Score
    1/10
    behavioral1behavioral2

    • Target

      Origin/Origin.exe

    • Size

      2.2MB

    • MD5

      106c6437e141c3ce50ccb6bab796e898

    • SHA1

      07c06b243e2ebbd18e9e978b1a1c466ad373e64d

    • SHA256

      02316eeb6cd43c45a63c9f0fcd43d2cc501a66bb75677ccbd57cb5da9fb78c3b

    • SHA512

      2dff135be0efc19f96990d73755fa8a7c0cd64235489ed1d2743897eb929cd18f3e52535657232f03cc8d955b2fc1b5f0400825e942b019e13e2b2e5016001d9

    • SSDEEP

      49152:MB+Kc09fBm9Xyuc/hAhQDl6fR3V2BTzIJa6:MB1JPm9eAhml6ZEBo

    Score
    6/10

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      Origin/autoexec.lnk

    • Size

      1KB

    • MD5

      c1648c6cdd49758d614bb0ca0da45c81

    • SHA1

      ecd045dabc0caa0d5f1549ddb8811946751d66c4

    • SHA256

      19fea48784cc1b8f4acce0f9897665c241dd9be358fe5eea3e92d667612e78a0

    • SHA512

      66828ef4ed423cfd9c666067403dcc586d8b5cb49fb049d5a6a03b2e94558b40e17d97bb240d012c8e4528046195c1ae77e62e7a8d29a9ae3fc1f51ab5f18566

    Score
    3/10
    behavioral5behavioral6

    • Target

      Origin/aworkspace.lnk

    • Size

      1KB

    • MD5

      fe67c7dcfee997a379a81fcdb7fc13d8

    • SHA1

      9260b4dea75141fb19fa64ea9f5c8febe9c127ce

    • SHA256

      9de92e7f51daa5df1a1d29d1773ecc74ce7c8b6bc9816335d0b6256a0288e0cb

    • SHA512

      85e4dbf842d3a4de09fcef48e03245cc2d3221feac64855bfac4e6033c429bb45dc9e4dc9e91fb92032e00e31fc791e752adc0ab0fb5514d490c1830bbf57778

    Score
    3/10
    behavioral7behavioral8

    • Target

      Origin/bin/OriginDLL.dll

    • Size

      9.6MB

    • MD5

      77a1baf6f2f536ddd861bc7b8840e6e3

    • SHA1

      df4af5e36c2ff61238cdf691c8e62d2af5f460c4

    • SHA256

      afbff748a176dff968ced4bee463e429c8f21fbdbd859af6c35b2a16cc91282a

    • SHA512

      d23bd95359389e08c945f7408901413107f5733dbb02a66f10af3207cc7fc8ecb5a813be53cb5f6163a8e50c0e38e9b4693993738312eee49bd39d91d76a2d5d

    • SSDEEP

      196608:MJQR+brmA5Vs7IryoBVrdaOdPQl5Q5o79fXdFJNBWmQOrCZSgr1NIRKLFru6335:Vgfm8VQcyo/jQl5QEPdTDQO+ZLrH/E65

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral10behavioral9

    • Target

      Origin/bin/theme.json

    • Size

      538B

    • MD5

      f47ea4c889e87a0f39493f04037ca795

    • SHA1

      2d5ff24cbff1d8e3ba8c318ab320b5ab989fa017

    • SHA256

      059c3d3eae1ffbc9d5dbd90ebdab85684d0679025324e84a319927b9dbeb1846

    • SHA512

      63957f8f96c6db0f2a9006462f35bd54313422cc8d09a74455fa9425e275a4c91248d2dd679da0f2f112696792d116c5f48c7c6f59f6e165d5b4150950a5a1f6

    Score
    3/10
    behavioral11behavioral12

    • Target

      Origin/bin/ver.txt

    • Size

      5B

    • MD5

      2229873b3f1ffd4c6a34a0203cf9f204

    • SHA1

      60fd2aa5eb4c80303a8d014e634cb74994830e13

    • SHA256

      98e2362a1e7a90fcbea80d45799f6e3ac02df174d1b1e59e227099a51003c895

    • SHA512

      98657d4f2a02c94303c7959cfb5ffe87e978c83dfd89523ac45d6ec787281c02bcf0ace6d4ff7f8fcc95bf99a6a555a2ad46bad4549a5f8908e2f56a4809b17b

    Score
    1/10
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks