Resubmissions

  • 22/02/2024, 23:12  240222-2695bsgf99  3
  • 22/02/2024, 23:07  240222-233wvagf86  8
  • 22/02/2024, 23:03  240222-21plfagb6x  8

General

  • Target: betav6_2.zip
  • Size: 735KB
  • Sample: 240222-233wvagf86
  • MD5: cd2bb9857320b4a4f8616d3efe956823
  • SHA1: a7e0809e4475257fda01291a27ff1207a996a185
  • SHA256: 3d16c0b2b646b27b4c97e8faf25cc0fb6163be6c8a06052e35c871ecdc1a2e0b
  • SHA512: 8a8e3d27a344203f47133af92c997a27d236e472e167dd246e97ce82613d8e481e6f16bce74d5aa48032585602c6969c782d22d780308e0fec4801ca07233d3c
  • SSDEEP: 12288:ldYUdLAZAJa2h9j8vAXKb7LGme6f2PyWRq7oGLslRZJbEqFQn9ZjOwK0lu:lRsAk2CIKPW6f2aJoKAvFQnPLK0Y

Malware Config

Targets

    • Target: dex.py
    • Size: 72KB
    • MD5: 7f6b5c695ac2a3543a9921464a0b2001
    • SHA1: 0e6d2856a5156bd1b344b0c00786c43fc426094d
    • SHA256: 8698edb79ed0c8025d3e38313e691d3a580aec4950e73028cfbe1aa38427d591
    • SHA512: f1d97f72cd7229856d32ad33321f2188084fe82ffa886b387481141a0b4be2090aa231d454556c4a3702c1692c406a3f0b32632246deebc1a270db39977f07ad
    • SSDEEP: 1536:spm9vXREPgKx+jFhdRvcAAKLg+jDCQX2mdR6QXuV5jmiKjuCtmHyl4ihlCnLje1F:spm9/RcgKx+j/kA9LpKQJdR6/V5yPjuI

    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Registers COM server for autorun
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: index.html
    • Size: 5KB
    • MD5: 0af3046ee6edfda13b9937e605fb465e
    • SHA1: 019bfa006ea2b31e293c4d212012385a47c79be4
    • SHA256: 336ef0c1dbcfb6b43e7443c154cdc4f36b7436ec1c370fe49caae080a8df99c5
    • SHA512: ac9d7a442ea7a2b1a96baa3fc2c21ecdcc3bf6427f6f3ccd3e47ac62386e1661a02ca3093c6dc14306260b25d5ac3258b745c80809a902ebaf3dfbf8bfea4134
    • SSDEEP: 48:pqNmNyhJgg3YyriumLvt+Z5prqRuYZAoFjAfFi6UFnQB2yr08yWDot9mq4/uR6+B:ADrfmeBWV0BUKB2yo8yWD+9HHB1LL

    Score 1/10

    • Target: launch.bat
    • Size: 55B
    • MD5: eba1cce2735dee5889cd301bd8d6920c
    • SHA1: 8603ce6f40ca1e7c96e2d0f73bea0c7f2ce060d1
    • SHA256: 1a657bd8ee49122a706ee9e7f59d53e8c052213d94febb48134b8e64789f5b92
    • SHA512: 3c40369fe4755196579a1ac2783e6069d0a49bd159641973e3576b295351495ae7de87085915517e7e9da6f8a601d2658affe63dddaeef8e3869f5a44ce9521b

    Score 1/10

    • Target: objects.py
    • Size: 50KB
    • MD5: 42d811d9a9b6eaf38796fa43856a25bf
    • SHA1: e77278eb211dc69608cbf66e0351ccae6765dc41
    • SHA256: e20593f5f3c8c51f578b9643ab35ed8e2088d049212336dfb40855415346ef5b
    • SHA512: b6fe10e1fc9b6a881cc66551f716e4eb0df96f6f0e23e05eb90a28983ded73ec4f740791588b22b61e3b7065b9cd372ff9dd67d4779be386d86326f294e77882
    • SSDEEP: 1536:dVYyxXmTPO4WHyjRfzg3PxqbhMHGPm9hSBFung:LrXmzOWLg3PxqbhMHmghtng

    Score 3/10

    • Target: olympia.py
    • Size: 77KB
    • MD5: e2d3dd55819057748b87e440ca04aa76
    • SHA1: 7cb34f7a396c34c217ab2ea167b398d237164bc0
    • SHA256: 47356f6f2d33a1b7175d0d78efa9914662a09839082b59a560dbb1019fd973ba
    • SHA512: 2ca54bcbbd2ab1a3bde5ede95e4a9c1ec85a22fccbe68af1c0f3788118fffe97ecb204944ff0cebeb807de40c26634bc7138714a1a668e05f5ccf9d58a281542
    • SSDEEP: 1536:XxrdMT7gm16DRkIzzBoGtgE2Y5WvT7GA2FJcvQ6KrP2f4qvZ3lqJ163D:XxrdWgmkDRkmGGtnT5Wb78EQvj2wqB1Z

    Score 3/10

    • Target: pyarmor_runtime_000000/__init__.py
    • Size: 103B
    • MD5: 3e6a43280f67a1dfe527a31b6e6f9f5d
    • SHA1: a7ae7c51c3143c36a3d0722b0596ccd954697aa4
    • SHA256: dd990b723ec5ea4b18188374279938e3d01a58809526ec26dda9598d67e78483
    • SHA512: ddbfeccc5b6215196d0ea41947cdc5072a7255b4ace8ad655864b51af2e07d4bc66ca90c92c54a902a0d5dcb0fa85d46cf47e787d82163c4484f3a7e531cde4f

    Score 3/10

    • Target: pyarmor_runtime_000000/__pycache__/__init__.cpython-312.pyc
    • Size: 231B
    • MD5: 3d248dc97d67db3a5a70faa1e21ccbc8
    • SHA1: b03f1a6526b96818893e8a630bb61da23dae4773
    • SHA256: e434702396ab3379ede9b84ce83f0dc4858994f86ad12d8f786719ac6e8622c2
    • SHA512: 38105c7c08994dde053008b9776cd2ea6f338748569f6c2eb7451eaa6e0b198583c6a0363221e209f9a3ab8dac09b059bc1299c86d1c906443831accf30546c2

    Score 3/10

    • Target: pyarmor_runtime_000000/pyarmor_runtime.pyd
    • Size: 611KB
    • MD5: 5402a5c8f6f0e3dd761f5d663f95b7b7
    • SHA1: fdb9bda4542fb10811b16a6c7ec1863504a0802d
    • SHA256: 6318874dbd87e717371ad6e66767c85c5bbe1ac7a5719ca1617ea66d09f62702
    • SHA512: 1df05c4b35dafe3a1fc45e6c73f4bf2442d6ec0b88ed2a8519c99e4c2d0fee4dfe789f67a7208c7725e8d0e6b657f5214ee9b2c328e09023c6d08c4272aa0368
    • SSDEEP: 12288:jsX4kuP9hXcuFdcj7fUoPNMNu5RnEGHOs:jsOcuFdcj7fUoPNMNu5Rnn

    Score 1/10

    • Target: synapse.py
    • Size: 72KB
    • MD5: 039b14c26da9cfc8069a963bc79f7db3
    • SHA1: eb258e25536eb2f68c7caec2bf8be2644164a42d
    • SHA256: 0f10da04c8f34ec7b3253312016ad2ca218e7b28eb29dee10f17b2faf04d07d1
    • SHA512: 5214727c6b67240558ef3afe8385214517b6136c7ed9862849e563009af822055c4e737da8c32b3ab60102ba662aa6da9978294fdd4a313fc3e2b100d3ac12d0
    • SSDEEP: 1536:XxDef7ua5lO5J5zb/ApV2ux5oExXJDsRtanbgt2nqQDaeFwuAuPcKH8CA3yU5Rye:heDuaepPE0uQE9JhnbgeqbeFwEPN8CAh

    Score 3/10

MITRE ATT&CK Enterprise v15

Tasks