Resubmissions

  • 01/02/2024, 14:48  240201-r6nk8ahgfq  (score 8)

  • 01/02/2024, 14:46  240201-r5rlgshgdr  (score 3)

General

  • Target

    parsec-windows.exe

  • Size

    3.3MB

  • Sample

    240201-r6nk8ahgfq

  • MD5

    6fb8ea7b3686d1f7ecd7d36da6a9bed1

  • SHA1

    024855f92c23dc0402ba77ef58a23aa504824753

  • SHA256

    40b804976a1a7286926f9af215ba9494b4cc6e8eb5ffa755b6b72d2cf2d7d342

  • SHA512

    bd25df322db2bd950edc5d151ff923251858ac4670b332b76a5d0cea52a6243a9173e4567535af221e172a1a097f5733799c04a27bedf938e4247a3714adc706

  • SSDEEP

    49152:ChmMFV+KGAFwXidaX/DEEj7CVytNrDpusE+AwhzlhzUJy1AIEbPnwC:CIMFMKXiSdab5j+VyWRwhzrzuIWw

Targets

    • Target

      parsec-windows.exe

    • Size

      3.3MB

    • MD5

      6fb8ea7b3686d1f7ecd7d36da6a9bed1

    • SHA1

      024855f92c23dc0402ba77ef58a23aa504824753

    • SHA256

      40b804976a1a7286926f9af215ba9494b4cc6e8eb5ffa755b6b72d2cf2d7d342

    • SHA512

      bd25df322db2bd950edc5d151ff923251858ac4670b332b76a5d0cea52a6243a9173e4567535af221e172a1a097f5733799c04a27bedf938e4247a3714adc706

    • SSDEEP

      49152:ChmMFV+KGAFwXidaX/DEEj7CVytNrDpusE+AwhzlhzUJy1AIEbPnwC:CIMFMKXiSdab5j+VyWRwhzrzuIWw

    • Target

      $PLUGINSDIR/ApplicationID.dll

    • Size

      196KB

    • MD5

      a858c1a57e32485505b1977cf0a125be

    • SHA1

      25d86c4b51f7cc10fc70e3a0493a39c4460cc350

    • SHA256

      1462a072345e86318b981089b08b613a34027ddf527bfb66606c683f218fc3b4

    • SHA512

      32b597fc2412a9407fd12ac77c556ff9740f1dd0d2055426d11a7baf21b09c536a84cfb97865b4e94168656514e7ce71eb2bc4122aa340100f4ce483bad1722d

    • SSDEEP

      3072:2pBNN6AmU9cDlKd3P6V9nSm49WTgKg4Fa1V3FuXRAuAg0FubA9cVsL+73:2pzxmQ3yL+9MgKbxAOEXY

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      675c4948e1efc929edcabfe67148eddd

    • SHA1

      f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

    • SHA256

      1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

    • SHA512

      61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

    • SSDEEP

      96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW

    • Score

      3/10

    • Target

      parsecd.exe

    • Size

      454KB

    • MD5

      62beb668110b4c5ddad09bb20d921cb6

    • SHA1

      f3706372c01d1e607ff8c605307de6ef2c26c1a4

    • SHA256

      6f1be9e26e403a885cc3b1ff0e4dbecbc96c0821119d25990c3e211564f215d5

    • SHA512

      8994c3f1c78b0a816ecf30e463af8d6ddfd0a0ce7b962cbf13e9bbd360d37a024b8ee69c76745f4c332a4786dbfb9216667b1d03c32c60a7c06e85359a2186ee

    • SSDEEP

      6144:rkdyuNAbS9p400tm61bXdCwx+3y6kR1DnjvGms7X5od0:rkUuNAbS9p9cx1rdCwh6+/+msjmd0

    • Score

      1/10

    • Target

      pservice.exe

    • Size

      408KB

    • MD5

      46cd3fc327af9109bd143ba7f16df397

    • SHA1

      53d2a6bcf0d21168050b852e287c2ef62f52f909

    • SHA256

      5a699a165838c739e449ac19a52e0a05b841bcee1a27f7d348f0dd04c8e277a3

    • SHA512

      d6e35f0dd4f6ef259dd7040d80cd469f27eb460836a4c767d40678ce82b46ce4c38b329c0cf3b41236cea2f0333f94669cfbef05ef484d91035f52ad4c1a5ca3

    • SSDEEP

      6144:qaoZkv+B1x9heMY32Z4iZDzDJGjvGms7X5Hm:4Zkv+B1x9cMu2ZzS+msjZ

    • Score

      1/10

    • Target

      skel/parsecd-150-91a.dll

    • Size

      3.2MB

    • MD5

      afde0d1c5d9a38df12db5fa7a2156017

    • SHA1

      c752368ef36784af8d496b5d4a56c219ae8109b1

    • SHA256

      784dad86ed6616d16aecec8f45f03ac5d8ced1b147f3fb8ec13df731755130be

    • SHA512

      77069ac740a265f973abdd2bdbf5d5b87d8118ee121a78190a93c21c4b8d43892ddf58c0714fd86b0ef662ccfd75dc2d0ffb93c5c941830b602c2ef6a10683a7

    • SSDEEP

      49152:CJWQOll4ZC/kLkRT5HoTGRGkZLO3AuVcljZuKWzTAu3y8kkeyA5bI86DJvmnHnZl:rFwaC8sJva7cov

    • Score

      1/10

    • Target

      teams.exe

    • Size

      342KB

    • MD5

      faa24223985abfbf64e4ddcd43f062d3

    • SHA1

      e1374dc7c98405efc5a44aa3229b97eabdd69bb2

    • SHA256

      6dc71b2e92b770dcfeca4a32c8f1787210311f731f1124754df193ec22d5d13e

    • SHA512

      23324afcb51508f5ea3f120a5787b150a8226d677c5a55fef219674b4d619fd0d7300d2b4cad917864d5f54788b9c8546db2a77aa4f0d666a956014169c4a6c9

    • SSDEEP

      6144:GAR9duE83BYjyEbU1SDgFg8EwkSdbAxD22y6jvGmp:H9gp3WjyEbU1SDAgJw40c+mp

    • Score

      1/10

    • Target

      vdd/devcon.exe

    • Size

      80KB

    • MD5

      a9b2b49cc4457ad9d63b10c4fd6c9748

    • SHA1

      358179dc6acaca3101c3b6f8af4d471267576d63

    • SHA256

      270836795917367e22d843df92a535004143515e9ea9bbdeb056a27c82ad6daa

    • SHA512

      8b958943667d73d479e3943f752248bdf13f3c7f242d2ca7ac13ca81a7318e737b78e3172a726c7de040c9ae442ee9fb53245153f6f3d965562070c6f097f34a

    • SSDEEP

      1536:Loy+W1WjEMnRJod1WoIkOFc5V62nFMqO7WM:LhePRKWpkecC2FM3W

    • Score

      1/10

    • Target

      vdd/mm.dll

    • Size

      153KB

    • MD5

      5f8fcc7684c70bca36cdcb943498e257

    • SHA1

      0839d177b5d9b61bf621d92ecfd71847c1e6061f

    • SHA256

      7f2e8860d56461ea5eb2d2d54a63fc934f3694b32eda72170e069797d846d6c7

    • SHA512

      f99b33feb34aef30a1365652f1834e842e0fc66829fd40a7dec030f685ff998184dcfc9cd78d213d52722b1b7935f5e46e57db63dda69894f099e1bea39ebbd7

    • SSDEEP

      1536:26C/s7abVFJc6JPnezrHzucwJpjTwEZdHrilfcz19xNH5lv1yhl3d0NNaEvEde0/:cmabVFJTEPnwJHHrEiNzY0NNaIUR

    • Score

      1/10

    • Target

      vusb/parsec-vud.exe

    • Size

      677KB

    • MD5

      563b76a686309756d913fd36d54394d2

    • SHA1

      a9b1f11e91ae7ccfcb2abd6e6308bae404ce5f3d

    • SHA256

      400540ae33428d45b901b22f6015575dfb204803342ea974310fb894124789af

    • SHA512

      c1657ac1542b695064f4264cfeaab9521e432b0b1f9a5cf67d8f26ef25c057c300d90ed9f0d04bb4948591dabdd172af3694c58c07680c4a85ead47cacac6c7b

    • SSDEEP

      12288:kbYI09O0wgIQp0RGkL7v+KF9usd1O7osH8m+znqeMK5GH9rFfW/Ho:kb4Jw9QaRG2zB9nU7PePMKkfO/Ho

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      2f69afa9d17a5245ec9b5bb03d56f63c

    • SHA1

      e0a133222136b3d4783e965513a690c23826aec9

    • SHA256

      e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

    • SHA512

      bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      675c4948e1efc929edcabfe67148eddd

    • SHA1

      f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

    • SHA256

      1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

    • SHA512

      61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

    • SSDEEP

      96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW

    • Score

      3/10

    • Target

      nefconc.exe

    • Size

      582KB

    • MD5

      dddee00430f7a3d52580b7c85d63d9dc

    • SHA1

      ff3b7a60062ef85186ea305168cc9bc207a0c5b0

    • SHA256

      002cbd46bbfaa2d9e04a578f7200711b5740bda119166f111e2590d8b19d3e68

    • SHA512

      faac2f9135aa58ddab6391d4711498a45f51a0429040833aea8d1f0f7c64ef27435c8a2d9c3e49c8bc8bdfec276ca455a719e2b401ea34994d57483c8fefe5ba

    • SSDEEP

      12288:qmTp2f8iWOZiu7uRt3eWuHE0e14BdpfVuW70q2cJto9VuZHPq:nTp2f8iWOZiu7uRt3nIE0+4BdpfVuW7Q

    • Score

      1/10

    • Target

      parsecudeaudio/parsecudeaudio.sys

    • Size

      160KB

    • MD5

      4632ca86e298101d977cf6a44a3c2c49

    • SHA1

      236742461d50ba744bec687b43438140bb434655

    • SHA256

      78c5b1176084ef661a4abbcca171e98fafee1ff268cd78f79527f6cf358d0861

    • SHA512

      99212fb68af93df014dc38cc4b5873727278d13e825adbf8858ff285916cb5ee548f4285d52d444bc157d734c4bcc706e2b21e3e321055bc83250279f3bfe28f

    • SSDEEP

      3072:qtJTYdWFTMMFK1EKSBysmyonj+12GjANgdv+xH0:6sWdDTXRbsN0

    • Score

      1/10

    • Target

      pcvudhc/parsecvusba.sys

    • Size

      256KB

    • MD5

      87251134d4bc6804c8450e6863d99bc7

    • SHA1

      16e0937be9ad92095e8542beec314cb043ea6dd5

    • SHA256

      6bcf88ff16f2c68d636b781f8abbdfbb274a70256ae83bc0b7d74c3bca7e200c

    • SHA512

      ab1df0eacf4f8e728bef9406eb7f98924c96c43133f6369ed9168fba0cd172b89464dc5342fa913b96b32a6cee1d394f74875d8a3b13d91c183a6bc253155f26

    • SSDEEP

      3072:rCutNyRF8/auxkKERP51UgXh/GxoGKQHG1aW6ArJOMcNY6XVx00ZZ3/oFSg:5Ryu6pByVsnGYLWwx

    • Score

      1/10

    • Target

      vusbinstall.bat

    • Size

      463B

    • MD5

      7c9dab371bfb829535fe548a08c470e3

    • SHA1

      ee58065d9f5ee67f0e1e1c8ba12022dd3463224a

    • SHA256

      f6f236a646af96033eb81a3473708b4db4529b645c751b4e905575f05f50142f

    • SHA512

      7eb111385b8a54d21d91d35b69fce555ac6c183bb54a9e38962cf25b39364d7e8b7c01fec5c356e5e3871c3024640a7bc234781c418d9a35c71d9eb339d9fc36

    • Score

      8/10

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      vusbuninstall.bat

    • Size

      646B

    • MD5

      c81ba69fb02b146aa1bcfeebe7706693

    • SHA1

      d349bf580d0d837d7f9f34928f5064da4a0922e9

    • SHA256

      9f1a4450cd6519580350974a467caaad5d63e8e246d7411b99521f32978b346c

    • SHA512

      809d4d0607473555b351c9b528e9661910efb155369f3b45b690aeb53f07a9f0e3075559de31fc6fd3f5d2b3a0ae27980e29659fcd178f613c9776ad7787cdb8

    • Score

      6/10

    • Target

      wscripts/firewall-add.vbs

    • Size

      307B

    • MD5

      882374285898f16b5f9ff44afc1ae701

    • SHA1

      31c9445557c9b8ecda1f0a6d5ff666e01dd1c3ca

    • SHA256

      0be5aa5cc6395a86878f56b131e13db4908e48f06e892ff8f8cf9e2d3b6c8abb

    • SHA512

      3b05158b03b57a4d2cbfee9cef6adfe973d080264a88e5cdeb85c59b567529cd1cd2a3b5d8538cb8637d140fd8691dc8826388ab669b7bfb2d5c1c4174069243

    • Score

      1/10

    • Target

      wscripts/firewall-remove.vbs

    • Size

      367B

    • MD5

      5d4d70cdf36fcdaa292da1da9133320c

    • SHA1

      92dc18d3d1128d43f482ab56804136c687b00713

    • SHA256

      75f1dece4fda689a907f6d74b513adb0c1771c1b79ea71160179542c9c4ab2f0

    • SHA512

      b54c92fbecb10ddf66d1b7ad950ffbc13f504c71081a8bd56c28c5689a2bf19bd81b467e0697c38f140c72a273eb9eb837105e738c6f1ac4f43344e2ab521778

    • Score

      8/10

    • Target

      wscripts/legacy-cleanup.vbs

    • Size

      115B

    • MD5

      c78520c3162c1962f3164714b37eb4d0

    • SHA1

      67c19b8aea7ad99465976dbcd3efcfdd7d62e3fe

    • SHA256

      dea38bd553abe93c689de42d0220add18f9be3e3d2fa53f97eb8649f586df4f3

    • SHA512

      cfbfc2c7dd8019f98b77e8881680ef9d0135a210fb9b0136a4992c236d971e247aa1641cd2eafdc5f6f5bb61002b30ea14b226127c4cef04f3b3d6be3a941fcc

    • Score

      3/10

    • Target

      wscripts/service-install.vbs

    • Size

      412B

    • MD5

      971e2a344a6e17347a81eeb21ada7ba7

    • SHA1

      37e034c29adda9b118b75bfdc7c6f41aac71e257

    • SHA256

      01f62a12de3307b375dff3ebcd6961d76ffcbc24f70682c7875655a811ce76a1

    • SHA512

      5ea0750dc07ff1a0eb1807043b48fb9ed54f6dcb96ce03cb543b0ea36d326779814b6cb87091373574911662a35d75b576e35c5b8d781db36fe1503f8287c65d

    • Score

      8/10

    • Target

      wscripts/service-kill-parsec.vbs

    • Size

      164B

    • MD5

      f7b0c63e7aea5cbd96f7bf1021b28b73

    • SHA1

      fc5b11a6bf022740de3ba15455b06ad3f061366b

    • SHA256

      71f9cc28497b959377439f6611615ef582745dd5b9cca02b5c4b24bb1fc3dfb8

    • SHA512

      c957b7b45b188af0b6e6698507e94564e8e5ccc8dbf5f0237827df373878291095887422584f7f3b7833cbcdd682531fa75c974ba1137031b32bf2ffba268191

    • Score

      4/10

    • Target

      wscripts/service-remove.vbs

    • Size

      150B

    • MD5

      b90e75dd7903cb2d6328bb3714865c7a

    • SHA1

      2d32868deb198726ed5feb80b66542bad7fbacee

    • SHA256

      970b3c2a9ea1906a177810990478932e3517f47aba267cf2ab9e4ba65e7b475f

    • SHA512

      3d4bfb86ec98fd85843ae5b63dcf5f475c6500380f02bb4d0dee15a5f7e2334abdbbcd9420b8ac05b5beb8a63b9ea16abcd70ae01c04b87a423fc288ff4dca0a

    • Score

      8/10

    • Target

      wscripts/vdd-install.vbs

    • Size

      329B

    • MD5

      d94a4cc11c1440fe009058d5248e606a

    • SHA1

      5515ff9dcab82215794be8bfb8f69f1d33f75c23

    • SHA256

      71e283e98f875e4ceb9012e7ba7950d8d65a9d8d72bb916caa37fd1fe6c405bd

    • SHA512

      3fcee0c958bea67ad77ef6cc9dc7cc20497eb739475052159e18b4821de6741b7ab26230b36ae21d31d9659c13e7ea16148f14b68d55b37d2a6cd4845053d1d4

    • Score

      3/10

    • Target

      wscripts/vdd-remove.vbs

    • Size

      304B

    • MD5

      7414c331d58788784f820f0b2cc7b5b0

    • SHA1

      72301126d7a8cd2e21d5cd1a64844b08d0f4bebc

    • SHA256

      300f15c94dae513508bd87e28b632a9342ebf3ca059050af5f54d3cb0ee5a9ff

    • SHA512

      140258d6adb99a23af0f7b61605e5928dbd04d8295617773486f8c2dac7a7d29899b65b0bbb9558d5da3026de30569ca152f237df3d53597c68ecdec9bd86824

    • Score

      3/10
