General

  • Target

    file.exe

  • Size

    3.3MB

  • Sample

    240129-j9j37sfbbr

  • MD5

    e9511c52af792b25be4cc022154a8753

  • SHA1

    9fb6b7306286ba00d05b045c37035da39026e5ed

  • SHA256

    30aecb1d0bb7c6f8de3f21937ff121ccfee96e0454a1e9a156fefbf8accc8770

  • SHA512

    8ff065e15a2e3ca5ab61b60d32cb1ecbbd34d9b45ff3947e2214d437f3f8d572b6b1c18abfe7a649f50892f17bfbbf4238a67562fdcf03ba72baac1cdd758d2a

  • SSDEEP

    98304:8i++qX8iuivYw7Kx0tJI7dKeZIC5JkvEC:/cNuyYw7RtJI7ZZh5Jkl

Targets

    • Target

      file.exe

    • Size

      3.3MB

    • MD5

      e9511c52af792b25be4cc022154a8753

    • SHA1

      9fb6b7306286ba00d05b045c37035da39026e5ed

    • SHA256

      30aecb1d0bb7c6f8de3f21937ff121ccfee96e0454a1e9a156fefbf8accc8770

    • SHA512

      8ff065e15a2e3ca5ab61b60d32cb1ecbbd34d9b45ff3947e2214d437f3f8d572b6b1c18abfe7a649f50892f17bfbbf4238a67562fdcf03ba72baac1cdd758d2a

    • SSDEEP

      98304:8i++qX8iuivYw7Kx0tJI7dKeZIC5JkvEC:/cNuyYw7RtJI7ZZh5Jkl

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/Checker.dll

    • Size

      41KB

    • MD5

      1ebcb7fe4d8f8f975dd404d1688d1e1a

    • SHA1

      cff12da173ae6e6660870e6343aac823e013ebc3

    • SHA256

      c78112c3da52d30b98c4cb34d3b9baf406f85a4dc975c40a6949672122c8ed37

    • SHA512

      7ec29be35c39b8fb623eb1f624df984031bc26fb7c99d7375b754ac1bda383e318d01eeae2672a79db6e5b177e29d97a2eb0d60385a80f4a26a5006c7e0173fe

    • SSDEEP

      768:NNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZv79FN:NNZwApK0XlLYd9o99L

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      30a8c8e0e35d7d036fea63ceca28b462

    • SHA1

      e3e15d822bdd5e98c80e9b7c00a476dccbdc6eb6

    • SHA256

      de1caa5f3a80a5cfffe6d475ca3404b8928d57c8adba49d89b13fe95ab2ee50b

    • SHA512

      f68f6922352ed2c834bc0562681ef740c54bd430cbbd66bb6d5534fd146875b0a9937e98925727a8bd9dcad3d5e99322de13aaba231999d8c7608526a8adc181

    • SSDEEP

      192:g46k30R+dHp4TaQm1QukrdWWmUOWDNsrwJBsLLvjCK72dwF7dBOne:Z6k30gdHp4J6Q0lXLvjC+BO

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      dd87a973e01c5d9f8e0fcc81a0af7c7a

    • SHA1

      c9206ced48d1e5bc648b1d0f54cccc18bf643a14

    • SHA256

      7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1

    • SHA512

      4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f

    • SSDEEP

      192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9

    • Score

      3/10

    • Target

      $PLUGINSDIR/Zip.dll

    • Size

      76KB

    • MD5

      bd448b748b6fb2fc268f297363ef69e5

    • SHA1

      0c33557703b39928d19520651001607724f5cf8d

    • SHA256

      b3a67c05d7788b1310b342bea37d69a84d9c7997c729f489f9602148f9a6d708

    • SHA512

      555f049387a924c1a3feb38582abb3c5b238df5975c4f739690e2bad06ce5bfce02c2deb46816aacbf73e76292382e8974484e9886f079de69ddad1268a0ea0d

    • SSDEEP

      768:2qzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9dohv:2hQspHrXK5eKO5KysyxAd4CiR

    • Score

      3/10

    • Target

      $R1

    • Size

      700KB

    • MD5

      accf7ac65166406e344ab6a412c3c2f4

    • SHA1

      198b460224b5c47bd645a66cf4b33510314d3d0d

    • SHA256

      05e1c793965512e33b1bc8104d58e12131c46656eac55d650bc0c4b50f5d5ddb

    • SHA512

      24d5e42c8f6ec5d7acf0b398c40205a7a592afdd2e91c18b4080202990b44ad59276f44d28d40433308ad87f4bc2639cef5aa51da4cc36faf6b85d63ad7be0a9

    • SSDEEP

      12288:NDSXZPuiI5Nr1GK+78EiGf4xAnoNb4ME7BxNfOp+pX3MntX+i1eI+G8b3fEw:U2iI5tr+78EiWqAoNb4ZBxNfbR3wtXNq

    • Score

      1/10

    • Target

      SumatraPDF.exe

    • Size

      6.2MB

    • MD5

      a66c9054c372978b5752566361c27535

    • SHA1

      527b8a0f9bffc41df878fb45e73f58e01e827e25

    • SHA256

      54e19ff0a436f9806ff4dec14882a3391026751242b0e53330325e7c256d5155

    • SHA512

      3114d24ccc0705cb722fd0a6ef135215e6475702d12073ab0567039a34d2cb279f7a6f6ffb58cc2a38dc87b3f97c71c245709ba6242813a0abd5ca0d0bb7e17e

    • SSDEEP

      196608:DDXbNtDd/MmCp3XH0PXBs72S3CKCXCv2a/At:DDXht5/MmCpHUPXOR39Uk20C

    • Score

      1/10

    • Target

      uninst.exe

    • Size

      39KB

    • MD5

      b462f3c38bc5b56e06976a94a7c36bc7

    • SHA1

      0106bf912fa9a37bb975afb00fd4ebaf7dff13cd

    • SHA256

      446c3dc2041bd1d0968e92ec21d538da95dd85c62535293fdca425b02587bbe5

    • SHA512

      f33baef794d57eec26df2b173719c3dde0e8e1f9354d598662d1b86c1317b21fbff17b1ce373495f9bfe717d10b8dba1d486fee18bbb51b726e480300c606343

    • SSDEEP

      768:0Gn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPciuc1sJ:T4hwgonu0fJytuPwbdNcir1sJ

    • Score

      7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
