General

  • Target

    SecuriteInfo.com.BScope.Trojan.Yakes.32515.19044.exe

  • Size

    1.2MB

  • Sample

    240304-qt543ace59

  • MD5

    c8d8ff6643f95ce2542e5b5f35f55d5d

  • SHA1

    b169b6dd0cb019d3999271ec7115bbe92aa48560

  • SHA256

    1e77da5e92e35545023c369348c16d962738bc62819bf231557db3ff307c2be2

  • SHA512

    c4a5aef8503468fb9a3e0d3a11bc20960d9f59e5e499279b97e3cc8571f62bf9985f576e15fbb38eb9bf0045d051828700d5755b0d23c64a858aed9d0cef8cb5

  • SSDEEP

    24576:neLVr0B/ziNR1qXf4gYZE9yOQRXL9TUydhXaAIyiI3WyD7DHD:k10WNvqXf4gYhOiXLlUil

Malware Config

Targets

    • Target

      SecuriteInfo.com.BScope.Trojan.Yakes.32515.19044.exe

    • Size

      1.2MB

    • MD5

      c8d8ff6643f95ce2542e5b5f35f55d5d

    • SHA1

      b169b6dd0cb019d3999271ec7115bbe92aa48560

    • SHA256

      1e77da5e92e35545023c369348c16d962738bc62819bf231557db3ff307c2be2

    • SHA512

      c4a5aef8503468fb9a3e0d3a11bc20960d9f59e5e499279b97e3cc8571f62bf9985f576e15fbb38eb9bf0045d051828700d5755b0d23c64a858aed9d0cef8cb5

    • SSDEEP

      24576:neLVr0B/ziNR1qXf4gYZE9yOQRXL9TUydhXaAIyiI3WyD7DHD:k10WNvqXf4gYhOiXLlUil

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    • Score

      3/10

    • Target

      $SYSDIR/CryptoKit.CertEnrollment.Pro.x86.dll

    • Size

      365KB

    • MD5

      82d37ed4ff82ebb05447f3d42a1532dd

    • SHA1

      8e90812d31a05d427208a719ac75ae39a86aa5b3

    • SHA256

      630ac2ccbdbcfc42d640d53977e2eab0ef1ae712f49781099edb1022bdba52e9

    • SHA512

      7059d415cc78fb257f6ccd3de6fdae42bec613844414449cd07e395df3e76282ee4da2c67aa08d65808ea411412bed2579505df687fa0a70d4d3934ddd87e209

    • SSDEEP

      6144:9rotoj09rxQkMTRlJOpRM+M/6ceVuIayZBEIv/tr:9ro+ju9QkMTRlJOpRM+fr

    • Score

      1/10

    • Target

      $SYSDIR/PECSP.dll

    • Size

      157KB

    • MD5

      3d82bb5002195fbd020e0335ef163755

    • SHA1

      4c63861f6f165c0ed5a7f3b4208d6faa58162713

    • SHA256

      d9d3212af22e384727c9c61ea8f4c5c92f435901ec2a1d49c1a921065efcda9f

    • SHA512

      22c2348c34b588ef7492d29dcb13f32ae80f4476ce6845634f9e1d79bcdf9c9ecac4fbe0181b24195a76b1e2652b0dc5c719af4db6c49f9f32a32ecdc0d303b5

    • SSDEEP

      1536:1hCzOs2pViinW7dxPU20aSi4fvp8gKjjR8Li5suIbptn4RtysGyNaKJcaFCnd:7vs6kUfW+LiJIgtysGyNaK3A

    • Score

      1/10

    • Target

      $SYSDIR/PowerEnterCCFCCB.ocx

    • Size

      835KB

    • MD5

      52b115b1432264b16a055a2f04f2b0e3

    • SHA1

      32e660e7a2d8f058fe46984d512fbbbe6c2f4a80

    • SHA256

      4f7181b4a0f03dc31496d84a37dcd7a34c3fe079f015ae785117bcfecff8dc8f

    • SHA512

      46dda1a10699bbe88238e0da1d83b5fd2a1cc5f1284bb7034087842b4a954e2865a9a9e15ff3fd6a98a491401f451b655e564b507a32d10c97bd0148d44ab506

    • SSDEEP

      24576:1tk1+gvdVqxNb8pxuuBoe4fa0dot1xDxBt/FlR4aGX5F4c:01RVUbexuuBFydoNzlRS5q

    • Score

      5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $SYSDIR/et199aCSP_BDCB.dll

    • Size

      180KB

    • MD5

      547053dee1a327a345ee46fb6ff841f5

    • SHA1

      9b30c2070ed9f583ab17746b9be3b17b143da4a3

    • SHA256

      a0879e2909d8d59acf6b8c8660900f36ba8fb21110a0b04a68e107a6798e731c

    • SHA512

      f5dd2a453a77bda4a94cea7d110137e334af285bf75ee14c43232c98c901d3038a16a5a67dc38de4425cfa92b77c62a424f1c79cd8bc5706b9b5651f18d64fdb

    • SSDEEP

      3072:9wlnW9/L3Th4uIv7UNbLgjl4IbwSKeH7n/cR6esaGpIceY31uJW:0WdD67CbLgjyIboebn0RDC3

    • Score

      1/10

    • Target

      $SYSDIR/et199aCSP_BDCB_s.dll

    • Size

      10KB

    • MD5

      6b27956ba886ee230281d205e09e91a9

    • SHA1

      d5c7d9297df241b52573d03185a66528a84f5488

    • SHA256

      3df383f4b0195620badc0bb9f5e1d86ebdb4975b60da4b910a26fee9b4af474f

    • SHA512

      e7b9d770ef04dda2c2cf144c218851b2b933d59395caff6594e70d0d71db4a78319a51bcbd3479668ab7dad56acee4a24cc3c4206186ad6cc91f5314a498212a

    • SSDEEP

      96:Dpn00KCDOVnXB+im0KcOqW/PLZISj0epuVuw6YQCcTvka9IN80KIbWUksykajqq1:PAXBRQC3a9C8nZUadXe/09OFH

    • Score

      1/10

    • Target

      $SYSDIR/iesign.ocx

    • Size

      155KB

    • MD5

      914c992f98a33f4729b950174a8b73b6

    • SHA1

      4e5f6d46fe7819fc696e00f3c9e258306fb392fd

    • SHA256

      407329fe7d2f0e1a7690af1421f68fcd468f370083da7aa74959644ed271d8d1

    • SHA512

      a8fb85c46e06e7661fef207a49a8370337dd69b9ce902d2483f2c676abc4faec717d41d497fcf80c8d50722109134193334122a38617769a6888f39cf717f604

    • SSDEEP

      1536:vY33ZuUzhr6jHU+CPDqPJoH8AnQ3hzNBxvyHeabyn744ccQVxMEtWSRxb:oZdzhr6j0DPDz7kDb2wc4ccQVxMehb

    • Score

      1/10

    • Target

      AddTrustSite.exe

    • Size

      43KB

    • MD5

      a3bd4c9aed40f4775077f911f8d042ef

    • SHA1

      b129ecdc97d358f50b9a5a8ef7caa779b94c0206

    • SHA256

      3de8fcad1b5c65bd00ad617d403013e049043f281726881e42ee41fcaa0b35ac

    • SHA512

      1e56d91dac46858fbc9b83115f2a6b623112aae67ba35d73ac17cfab2ae59470985b777be6ce77620ef25dc0953722d62602053bcee5084c64bded61e031f5dc

    • SSDEEP

      384:V9pTdemeUSmGunoLLfdECZj18y2hqps2b9CVlFQnYPL5xFeM55:VrgO1gfJj8bcpsUoVlFQc5

    • Score

      1/10

    • Target

      dojra.exe

    • Size

      31KB

    • MD5

      e5923a61cc4cbe7e330c76ec9719792f

    • SHA1

      cff82ea518033fff99a6d6a1e0cb7e66ae3decb9

    • SHA256

      79025c58910e5884e35d45439518aa202c8e28ca325c63759ed008b9f3a9dc48

    • SHA512

      4115b654e4d5bf57730bbeea0c2251917ec71f2e90153e754447eda0af4783e10819de1bb9f62be45690bd6d76bf67b07c52f76622395541f038bce3e8e47d1a

    • SSDEEP

      384:ahXifRW5BzB6nmlXNXyypJSoELl4nYPL5xFeMIS:ahXQgB6EykAFLl4bS

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks