General
- Target: be0fc0af35866bf6dbcdbe6cfcd78ff2
- Size: 657KB
- Sample: 240310-jnfhwsga6z
- MD5: be0fc0af35866bf6dbcdbe6cfcd78ff2
- SHA1: d9c9754f933fdccb4fd24d23e18b1aaa1e5ad5c4
- SHA256: 30b50c9a1de2f21ef1eb78f18695bcb0f3989fff880a4872a3be3458d5f73433
- SHA512: 067ed109490e633a61583f5439d65e0d8d6478045f1c4b0746d2b22f4dd759fe09d6712c9546ff83712f8c164aae0850b2910cc2428e54d397521f33edfa0adb
- SSDEEP: 12288:tSC0BcjoAfPV/1Z0QKupUAD5jd1kBEoeFh5dOKfAwbVTEiP34oHfV6MXWmOBKvN:tb0BmHfPV/1Z0HupDDpdaOLh5dOKBEiD
Static task
- static1

Behavioral tasks
- behavioral1: Sample Keygen.exe, Resource win7-20240221-en
- behavioral2: Sample Keygen.exe, Resource win10v2004-20240226-en
- behavioral3: Sample Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/Keygen.exe, Resource win7-20240221-en
- behavioral4: Sample Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/Keygen.exe, Resource win10v2004-20240226-en
- behavioral5: Sample Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/sym-wmsmtelnetsp.exe, Resource win7-20240221-en
- behavioral6: Sample Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/sym-wmsmtelnetsp.exe, Resource win10v2004-20240226-en
Malware Config
Targets

Target: Keygen.exe
- Size: 20KB
- MD5: bda654eb40ad8f5eb14bf3b931a71270
- SHA1: 202fa0ac769e7dfde7861584237127d4108ea3c0
- SHA256: 291550e0bbf532a0cc0c5bfea5e6f24c084372ef52a02be09deac769d5cb7297
- SHA512: f603227def1e86bcf7cb4f2b285617836f652646dc06e18cf007fb4a327c5d19ffff132b68b27dab8567bedbfbd546c3993c005c674c5a28157cdb7c79a1b045
- SSDEEP: 384:WU45yYGoUmCt0SFI0EU8wl35KO/tFdR1FpyqgJn28:Wr8oPCRF58wl35KO/tFdR1KZJn9
Score: 10/10
- Modifies WinLogon for persistence
- Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
Target: Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/Keygen.exe
- Size: 473KB
- MD5: 18941095bbf897e1880bdd77f1f50c2b
- SHA1: d44eb8f9d83828372106e88858fcf67becb81ab0
- SHA256: 73b232df35f94e6b31052a33e2a14fc57e353928fadd30b1292b6823c8595ed5
- SHA512: d93e76d777dae2845750fd297f14336c20caecbbb7366f06e5fa5a06292e7a75d8e9893b8a448b28435c166cafb7ebdc6ca4cdb7020279029e24c85d6a0cddda
- SSDEEP: 6144:hJaiaZTY1DAA5Nw6dWW+18gVVZKtHdvYG5F8D4qpAH2sxJag/gwHgNU:JaZTYGA5Nw6odVyRYK2D4rV5HgU
Score: 7/10
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
Target: Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/sym-wmsmtelnetsp.exe
- Size: 301KB
- MD5: acef837c9278c96f5f00e1b9e8338788
- SHA1: 906bcec3f2aeb44127d954992e6ad6cd4ef2d87b
- SHA256: cae5105db3f5891d559fd1a9392c27138dd2481ccfd568884838d839b13f4bb6
- SHA512: d259f6554ecfbd8fe2afacabaf73e9f64a6b0d612757808adecfd355460c56234c55d25209d0dc91987c62f76b0fc1ca3a7897af8f753f14f7e2afc83b9bd99a
- SSDEEP: 3072:0Rx4HYBvD+KLgB1batiBFVkiW2C3IZN2YtM9aNHa6kJo0zhDAAdt9XZAHlzxC4qf:sJaiaZTY1DAAGxCAjFkfItY0NfjMj
Score: 7/10
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application