Resubmissions

23/12/2023, 07:01

231223-hteccaeeap 8

23/12/2023, 06:57

231223-hq1feaghg6 3

23/12/2023, 06:55

231223-hp2xvaghg4 3

General

  • Target: 9lvsf.Stardock.Fences.5.04.x64.Multilingual.rar

  • Size: 13.5MB

  • Sample: 231223-hteccaeeap

  • MD5: ed1a0d318f78fd7ee33309fb4eb5f7f2

  • SHA1: 61666c6154b8881d5abf4c4c73d2c5478256874c

  • SHA256: aef7f8d55e7fd11061fad8de61424602930a11cc758e3a0aacf6858aae3394f9

  • SHA512: d7e0c860630b7910951c367ad7afbf47122f59f669221f37ac8df637065403ed3072520c84084c9221ae74f850901cfda18714a9b60bac0a8c483ecb7c476a9b

  • SSDEEP: 196608:CTWNaqQ8EuKAvWWqq1Q4mpMLjaceFLxbOZ92N6Ms5rE+vQrFvrfXvQdrIP0:OWAPmWWR1apUaceFL9Wm6o+UFvrfYq0

Malware Config

Targets

    • Target: AMPED/AMPED.txt

    • Size: 104B

    • MD5: 4ca637758356b1127e8d265b842b6307

    • SHA1: c49ad61dbfd99052060b2e1f16e09f94d09f7141

    • SHA256: 224a4e40ac827974d15fadefd26769c2b65b85698901615af9af3ea3bba23bcf

    • SHA512: a3d9226ac77908a6a3aa834cb1aceeaf74baaf4c2921e63ec669e42d25a6b288b7683a0a92487001cfc6271b29874530e42759f433d9beb07213fbc360d3c7c2

    • Modifies Shared Task Scheduler registry keys

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks