General

  • Target

    be0fc0af35866bf6dbcdbe6cfcd78ff2

  • Size

    657KB

  • Sample

    240310-jnfhwsga6z

  • MD5

    be0fc0af35866bf6dbcdbe6cfcd78ff2

  • SHA1

    d9c9754f933fdccb4fd24d23e18b1aaa1e5ad5c4

  • SHA256

    30b50c9a1de2f21ef1eb78f18695bcb0f3989fff880a4872a3be3458d5f73433

  • SHA512

    067ed109490e633a61583f5439d65e0d8d6478045f1c4b0746d2b22f4dd759fe09d6712c9546ff83712f8c164aae0850b2910cc2428e54d397521f33edfa0adb

  • SSDEEP

    12288:tSC0BcjoAfPV/1Z0QKupUAD5jd1kBEoeFh5dOKfAwbVTEiP34oHfV6MXWmOBKvN:tb0BmHfPV/1Z0HupDDpdaOLh5dOKBEiD

Score
10/10

Malware Config

Targets

    • Target

      Keygen.exe

    • Size

      20KB

    • MD5

      bda654eb40ad8f5eb14bf3b931a71270

    • SHA1

      202fa0ac769e7dfde7861584237127d4108ea3c0

    • SHA256

      291550e0bbf532a0cc0c5bfea5e6f24c084372ef52a02be09deac769d5cb7297

    • SHA512

      f603227def1e86bcf7cb4f2b285617836f652646dc06e18cf007fb4a327c5d19ffff132b68b27dab8567bedbfbd546c3993c005c674c5a28157cdb7c79a1b045

    • SSDEEP

      384:WU45yYGoUmCt0SFI0EU8wl35KO/tFdR1FpyqgJn28:Wr8oPCRF58wl35KO/tFdR1KZJn9

    Score
    10/10
    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/Keygen.exe

    • Size

      473KB

    • MD5

      18941095bbf897e1880bdd77f1f50c2b

    • SHA1

      d44eb8f9d83828372106e88858fcf67becb81ab0

    • SHA256

      73b232df35f94e6b31052a33e2a14fc57e353928fadd30b1292b6823c8595ed5

    • SHA512

      d93e76d777dae2845750fd297f14336c20caecbbb7366f06e5fa5a06292e7a75d8e9893b8a448b28435c166cafb7ebdc6ca4cdb7020279029e24c85d6a0cddda

    • SSDEEP

      6144:hJaiaZTY1DAA5Nw6dWW+18gVVZKtHdvYG5F8D4qpAH2sxJag/gwHgNU:JaZTYGA5Nw6odVyRYK2D4rV5HgU

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Target

      Mocha.Telnet.v3.2.XScale.Smartphone200x.Incl.Keygen-SyMPDA/sym-wmsmtelnetsp.exe

    • Size

      301KB

    • MD5

      acef837c9278c96f5f00e1b9e8338788

    • SHA1

      906bcec3f2aeb44127d954992e6ad6cd4ef2d87b

    • SHA256

      cae5105db3f5891d559fd1a9392c27138dd2481ccfd568884838d839b13f4bb6

    • SHA512

      d259f6554ecfbd8fe2afacabaf73e9f64a6b0d612757808adecfd355460c56234c55d25209d0dc91987c62f76b0fc1ca3a7897af8f753f14f7e2afc83b9bd99a

    • SSDEEP

      3072:0Rx4HYBvD+KLgB1batiBFVkiW2C3IZN2YtM9aNHa6kJo0zhDAAdt9XZAHlzxC4qf:sJaiaZTY1DAAGxCAjFkfItY0NfjMj

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
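The behaviours listed for the three targets above (Winlogon modification, a Run key, files dropped into System32, desktop.ini drops) are the ones a responder would want to confirm on an endpoint. The Python below is an added example, not tria.ge's own signature code: it expresses those report lines as rules over Sysmon-style registry value-set events (Event ID 13, fields TargetObject and Details) and file-create events (Event ID 11, field TargetFilename). The event lines, the dropped file names, the user-hive SID and the AppData path are constructed for this example and are not taken from the sample's actual execution; the comparison against Winlogon defaults and the "image outside C:\Windows" test are heuristics. Sysmon does not record registry reads, so the country-code lookup behind "Checks computer location settings" is not visible this way.

```python
"""Sysmon-style triage rules for the behaviours listed in this report.

Added example, not part of the tria.ge report. SAMPLE_EVENTS are constructed
(paths, value names and the SID are made up); they are not Sysmon output
recorded from the sample.
"""
import re
from dataclasses import dataclass

# Benign defaults for the two Winlogon values most often abused for persistence.
# Any other value written there is treated as "Modifies WinLogon for persistence".
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
WINLOGON_RE = re.compile(
    r"\\software\\microsoft\\windows nt\\currentversion\\winlogon\\(\w+)$", re.I)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.I)
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Finding:
    rule: str    # signature name as the report phrases it
    image: str   # process that performed the action
    target: str  # registry value or file path it touched


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' line (constructed flat form of a Sysmon event)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def check_event(ev: dict):
    """Return a Finding for one event, or None if no rule matches."""
    image = ev.get("Image", "")
    if ev.get("EventID") == "13":                       # RegistryEvent: value set
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        m = WINLOGON_RE.search(target)
        if m:
            default = WINLOGON_DEFAULTS.get(m.group(1).lower())
            if default is not None and details.lower() != default:
                return Finding("Modifies WinLogon for persistence", image, target)
        if RUN_KEY_RE.search(target):
            return Finding("Adds Run key to start application", image, target)
    elif ev.get("EventID") == "11":                     # FileCreate
        path = ev.get("TargetFilename", "")
        # Heuristic: only images outside C:\Windows are suspicious here; installers
        # under Program Files will produce false positives and need allow-listing.
        if SYSTEM32_RE.match(path) and not image.lower().startswith(WINDOWS_DIR):
            return Finding("Drops file in System32 directory", image, path)
        if path.lower().endswith("\\desktop.ini"):
            return Finding("Drops desktop.ini file(s)", image, path)
    return None


def scan(lines):
    """Run every rule over a sequence of event lines and collect the findings."""
    findings = []
    for line in lines:
        f = check_event(parse_event(line))
        if f:
            findings.append(f)
    return findings


# Constructed events: the first four mirror the report's signatures, the last
# two are benign controls that must not fire.
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Users\user\Desktop\Keygen.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Details=explorer.exe,C:\Windows\System32\wincfg32.exe",
    r"EventID=13|Image=C:\Users\user\AppData\Roaming\sym-wmsmtelnetsp.exe|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\wmsmtelnet|Details=C:\Users\user\AppData\Roaming\sym-wmsmtelnetsp.exe",
    r"EventID=11|Image=C:\Users\user\Desktop\Keygen.exe|TargetFilename=C:\Windows\System32\wincfg32.exe",
    r"EventID=11|Image=C:\Users\user\AppData\Roaming\sym-wmsmtelnetsp.exe|TargetFilename=C:\Users\user\AppData\Roaming\Telnet\desktop.ini",
    r"EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Details=explorer.exe",
    r"EventID=11|Image=C:\Windows\servicing\TrustedInstaller.exe|TargetFilename=C:\Windows\System32\ntdll.dll",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:40} {f.image} -> {f.target}")
```

The Winlogon rule compares the written value with the known default rather than alerting on every write, because Windows itself rewrites Shell and Userinit during servicing; the System32 rule is the noisy one and needs an allow-list of installers in a real deployment.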

MITRE ATT&CK Enterprise v15

Tasks