General

  • Target

    b7735720e766efee7ba2409e481e7fc8

  • Size

    12.0MB

  • Sample

    240306-p5manabb9y

  • MD5

    b7735720e766efee7ba2409e481e7fc8

  • SHA1

    81b2f1c4fad7109c6a7c7d2ea66db86f87abfed0

  • SHA256

    5c28511a37fa39869f2d6fef6f8e9c8e282216823ec401803b649d9b79b84260

  • SHA512

    05eeaf689ecb791b028f93ae084fb27423279307136202724f0708da85f7dbb7c05a6420e4e0826f034c8b7e47c8a2d642c38a7d0926961f1020c5d5d927b5ad

  • SSDEEP

    196608:zFxfv1GzgP9pE3gc1AE29JJFCklAzIaFerSzOpF0+dOtXUfvD:RV9391c1r29JJ3irKF0cOtXU3D

Score
9/10

Malware Config

Targets

    • Target

      QtCore4.dll

    • Size

      2.4MB

    • MD5

      437149501b6f3e6efa0db102199da982

    • SHA1

      6fccefe7038e8e564cfb123b2945bd32f0419eaf

    • SHA256

      b96f6c62a747ec3b8644f6487b626afd89102f638349e30dacefadd2122ea552

    • SHA512

      b3dfdbbd259f2449a334730d84493efd824f0c057e84937ffbb77d44bf9a06c8271023af27e1b4ccde95b8d63f46d964e411d77abb751b0e37366d0f26725a31

    • SSDEEP

      49152:CDPfV/OFDsKpLVYuBnM3Jsv6tWKFdu9CDTILyvL/6mShMZtmjNUVrciV5P+7QVgH:CDPfaTDpkJsv6tWKFdu9CI

    Score
    3/10

    • Target

      QtGui4.dll

    • Size

      8.0MB

    • MD5

      b049f9abf7d11ce94c6f9b5c66d8c011

    • SHA1

      ae4792227ed2c50fe61703abc980de1c11c9b8be

    • SHA256

      e93a1b84f13ac4c37fe3ba6f6f70126b7bbf61fee29cd2e64402468a0e873b97

    • SHA512

      8167397a27155a3ddd88217de11d3ad00262bd04465039e3319cf8fa87ba94283bc90578d00e58f2dfbc48d8252b20ec5ace190838ed19b446feb074c263efe1

    • SSDEEP

      98304:AxG0ZfWg5IUZuNIKZhX0l/Of5DRgLw4vP7481nDsPbJ:AxVZf/IUZuGkxYWf5+A

    Score
    3/10

    • Target

      QtNetwork4.dll

    • Size

      983KB

    • MD5

      2b653fea9a9d62172154174f2fa9a8e3

    • SHA1

      1581935c56c29522c9d65b68bb0ccbaf2b2cda46

    • SHA256

      105612c82d548d034f1478968fb50bfe2d52f338dd003d5b3d5ac12ab3f1622e

    • SHA512

      5390697d4abdb3d82ca1175b51be11d1999e89bb090fb540236196c9839705cac151968be6194b6e13999734dfb2377b135d5704f28d48fb304c627045be2b04

    • SSDEEP

      12288:Ej6ao6Js7aRcHhazfkYSgMa854EMeTElfSODH+YAJmBHPykUetXtMxW+mbxr8F:EWl6OPHMfkYSz54EkfbH+lkt9kq

    Score
    3/10

    • Target

      libeay32.dll

    • Size

      996KB

    • MD5

      1ef203f15d2cadde7dead56cebcab76f

    • SHA1

      0e8ebe37ced8018ab85b021eea50987ee1a86b85

    • SHA256

      43bd635e9c372b57c15d40bf03079e3135ebd98e9d1ec1f87bf59ca04c859208

    • SHA512

      417cdda1d3ac73bce6ad9db7cb7a35c22788595a138675b58fd301d17e799d13a7ae6c5d65e115db15700882043ac135396637a4f29b8451b523ed2b26904b02

    • SSDEEP

      24576:vacXtxw2fK4OgF246WqrSpeBumZG0B7dGZ:v6HH46/SpYumZGsGZ

    Score
    1/10

    • Target

      nksl3_logger.exe

    • Size

      2.2MB

    • MD5

      81ea9111c486b134ea63fa0c500579f4

    • SHA1

      0d0fa71f39f888a4692eaa47819f42b868217574

    • SHA256

      92690cf47586af87c63228d63f36f5738c398d3f243dc6bbfe2aea03381250bf

    • SHA512

      41266c626e7202ed5671d39b43a0b1bd16fc2b0453e3aa98fee642b7ccfed666212b1597d8ff068cfa0636b0b72290a9a744cd4003ba5d47a0af30a6dc1339aa

    • SSDEEP

      49152:kfu22WgIny+LDsEZ3Z/1I8H9qWJBZbEswm8KYDhK22xYzFiIe2G7Sw:kuOgkyWNV8yfbx+K22ydul

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      runtime/Nokia_Connectivity_Cable_Driver_Version 7_1_69_0.msi

    • Size

      7.7MB

    • MD5

      80bb7bb30e33ac2b7bea51e6681b56bc

    • SHA1

      9def00a0f350f845e27c421dbac170ca29e5f5ce

    • SHA256

      876a015fc3380cab42b31e09a193990d93f2441b7066aec7b99b8b88b8d9e2c7

    • SHA512

      b52346fb3e2516643e412275406cda7a19e8a2be31e15c486c94743e6b3b5e58591158468450f09845ba3770819186cb3645e7f19f5a78210c1320d3d0382e8a

    • SSDEEP

      98304:VAXDF1NUnLjzytCVZWqiIaniHQnN0fuZb9VBeCs4:WXNUnLjGyZBiIaniwWGGCp

    Score
    6/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      runtime/handle.exe

    • Size

      413KB

    • MD5

      50c128c5b28237b3a01afbdf0e546245

    • SHA1

      7dffdfde2856d2dbd21f54af16edd9cc3447cb6f

    • SHA256

      4690b6fca6898297eb31259c7fad2edaea5308ff8628c12c4586c5fc9902247e

    • SHA512

      6ac8aa872afcde96833e9b347db8765aac0378231c0a920781a14d1d4a79ed3bc1ff1a7cd6b2ac3f7e03c43208c6d2b77b75649497a4d0bea611c22ca54e90ff

    • SSDEEP

      6144:Gzhmwu/RyL8heQcnyRE11ulyhCs2VSP0N3+mUinHv6AcNkqJGLrVU5B:cw/ULVQw1J2eOvAG3K5B

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      runtime/vcredist_x86_2008.exe

    • Size

      1.7MB

    • MD5

      b936f0f378b9a35489353e878154e899

    • SHA1

      56719288ab6514c07ac2088119d8a87056eeb94a

    • SHA256

      c6a7e484f4d84883bc1205bccea3114c0521025712922298ede9b2a1cd632357

    • SHA512

      acdf7b464a258b3ae3015c808d0e08a697ba3209662faa9b18c1aee882bf236dc725f6c3425cb6f9e10d8ab5cbb82ac118ff947a4b9ec6f91c2e150b0beef70f

    • SSDEEP

      49152:wQixbpVndRcpfqwYO3u2XoKNLlMDEe/pmVS/F0jD:wtdnfnwp3oOLuB/3/uD

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      ssleay32.dll

    • Size

      205KB

    • MD5

      88c07e0ba6aa49cbae9958790c30c564

    • SHA1

      aa327f0f7bb6a7a428726553a490c6894be50405

    • SHA256

      157e81c3be64751f8b1b0dfa0b0b32b45d841c71b38392cf807951a5dfe869a8

    • SHA512

      698a99373400406a4cc5115f7d41218cd5e264b2818a6a1742d6ffdfe23f1373bc876dba7d2dc2bc82df76c99fb32291f7ca086d52e1251e49c4a2988c19ad23

    • SSDEEP

      6144:gYZ6fUZmg59YgyIaPxsg0knnWpLtKACG+P7WBpnoF4XBok:gYqUZP9YghaPxbbn0vCG+P7Wu4XCk

    Score
    1/10