Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

VirusShare...a2.exe

windows7-x64

7

VirusShare...a2.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

ffMediaWat...ion.js

windows7-x64

1

ffMediaWat...ion.js

windows10-2004-x64

1

ff/chrome/...969.js

windows7-x64

1

ff/chrome/...969.js

windows10-2004-x64

1

ff/chrome/...ion.js

windows7-x64

1

ff/chrome/...ion.js

windows10-2004-x64

1

ie/MediaWa...69.dll

windows7-x64

6

ie/MediaWa...69.dll

windows10-2004-x64

6

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VirusShare_4bf3845d2fea32a04d27624653f6b4a2

  • Size

    634KB

  • Sample

    240204-pb6r7sgge9

  • MD5

    4bf3845d2fea32a04d27624653f6b4a2

  • SHA1

    639c4ae9839a87fb693613fa7488083a30b8ee8e

  • SHA256

    9099720e02c8a901fd943081dd1475ab675538232a6d2c03a2503c588c0406ee

  • SHA512

    32090553b56fa0dc2d743906eb64b9676b6a70d741566d83ec750e1d0d3a2b1a9b9121590d3050460b1ebcc3bc7da6f48acd321feae1a2c82fb68e33a5429db6

  • SSDEEP

    12288:SqCYwBcVxG4GjeZHkwuPikQ7lKH5p5H9x1kqeZHkwuDivQhlKL5p/xlolfq:SqjwuxG4GjeZEXi37l6Br1kqeZE7iohU

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Targets

    • Target

      VirusShare_4bf3845d2fea32a04d27624653f6b4a2

    • Size

      634KB

    • MD5

      4bf3845d2fea32a04d27624653f6b4a2

    • SHA1

      639c4ae9839a87fb693613fa7488083a30b8ee8e

    • SHA256

      9099720e02c8a901fd943081dd1475ab675538232a6d2c03a2503c588c0406ee

    • SHA512

      32090553b56fa0dc2d743906eb64b9676b6a70d741566d83ec750e1d0d3a2b1a9b9121590d3050460b1ebcc3bc7da6f48acd321feae1a2c82fb68e33a5429db6

    • SSDEEP

      12288:SqCYwBcVxG4GjeZHkwuPikQ7lKH5p5H9x1kqeZHkwuDivQhlKL5p/xlolfq:SqjwuxG4GjeZEXi37l6Br1kqeZE7iohU

    Score
    7/10
    adwarediscoveryspywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    behavioral3behavioral4

    • Target

      ffMediaWatchV1home969chaction.js

    • Size

      829B

    • MD5

      96fbd196fa7e49c137f914ec8b195797

    • SHA1

      328b543d6acbd86308e0882569d1ea28f78a9b8f

    • SHA256

      cd23b8d2b891e4a063467749bb0e38952276803714e0a1ea0cdfa6da3659fe33

    • SHA512

      ce6dbfbcf375d9c222956c5151f8face990f475f59531c4343a8f68b45667576395f17ef4aa70a9bf48a963bb1da47855e8fd1a369ad88ae1141c6e8646dacbe

    Score
    1/10
    behavioral5behavioral6

    • Target

      ff/chrome/content/ffMediaWatchV1home969.js

    • Size

      744B

    • MD5

      7bbca4e2bc8ed4e02aef2d847b077940

    • SHA1

      3f6747706d277bd09b5e1f65bb4ba693d9c81741

    • SHA256

      6ceb397b3f8c76123101b9746dcf6497ec3d80a40cd66554d91010cb211bc91f

    • SHA512

      84c339f7ecac5b658d39d0ce77c33c020ac7c4bcf79e22b3b7657a676e171e45c9dde3c65f231143cf127ad521c20622eff1798239142efb9ee0be15768cb65c

    Score
    1/10
    behavioral7behavioral8

    • Target

      ff/chrome/content/ffMediaWatchV1home969ffaction.js

    • Size

      674B

    • MD5

      fd904e91086ad21aafb622c41358f848

    • SHA1

      39d4206f36268595de103917e62e41262c2e99b9

    • SHA256

      492e378518403c9077564c95c24ed69b1a1bcb25179842a28d40d06f55ffce9c

    • SHA512

      b8461d2c60f208b788257ec30e2379438b12086894e80ef3644a97163a28326deff2152934784610bc20fb046498acb7e194c31ddac5c1096fbf6212cbb9f077

    Score
    1/10
    behavioral10behavioral9

    • Target

      ie/MediaWatchV1home969.dll

    • Size

      85KB

    • MD5

      7a653929c5c9e94267f4076c3072e99d

    • SHA1

      d3062eec7ab6eb7f7dee6abc1d1e9aeb5c67101d

    • SHA256

      97758420a28db079627538eabfe3bb1827e5a24da6c67bf9046b3551b3140948

    • SHA512

      946abbf7a33125ff30ab44a93812e27e8fe94a51878f830c35f4361f32eed08a6df9a172b2a274b837fc6e1350d7aa5f03b01903202d93000a04a424450bb685

    • SSDEEP

      1536:bn/1CsEmkaMAvtahrOb8DktUgHA9glQMf02UN:L12mkaMAlahrOUgguaMf+

    Score
    6/10
    adwarestealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral11behavioral12

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      63101ae6f4a8c45a164aefe14456d15c

    • SHA1

      54872d12c9957c9011649a6f74ea0659a8951f19

    • SHA256

      d6f57e95114a912252f7e8935022e0966622e3028f1a1271f8aef64b46a950da

    • SHA512

      c8284e52aac0cf9fd154f96e5771ef4042e806e871149a7d5e3e81910a99c708836ed2bbb24b32bda7fe7c21bf592210cbfba48ff9483ee507b7916263ce096a

    • SSDEEP

      6144:Ee34RWapeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x17:EWqeZHkwuPikQ7lKH5p5H9x17

    Score
    7/10
    spywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks