Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ADR_Instal...18.exe

windows7-x64

7

ADR_Instal...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

ADR.exe

windows7-x64

6

ADR.exe

windows10-2004-x64

1

ADR_Servic...er.exe

windows7-x64

1

ADR_Servic...er.exe

windows10-2004-x64

1

Help/ADRHelp.dll

windows7-x64

1

Help/ADRHelp.dll

windows10-2004-x64

1

Homepage_R.url

windows7-x64

6

Homepage_R.url

windows10-2004-x64

3

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

Homepage_R.url

windows7-x64

6

Homepage_R.url

windows10-2004-x64

3

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb94310369e46bc5bcb0901be9695c25

  • Size

    2.2MB

  • Sample

    240315-q8dncsab2s

  • MD5

    cb94310369e46bc5bcb0901be9695c25

  • SHA1

    8b4ed83189c0e76501f764392444b1b7f6c13e8f

  • SHA256

    325cd8cd74165c89739dc34ef141db4dcbbe849fbf63b952bd13f080e8506f8f

  • SHA512

    8ecb03ea4ded32aec545cf024d40a026d6570dc67069d38a064cec442705445a8dcbdfcde4102f3b96485b1a2cdc578fdf516a921fbad6a5bdaeef4e8de70942

  • SSDEEP

    49152:K/G9NHXPeyJZ99rBVTPkKfJrh5vuqg/4hCJWeo:7NH/nZTrBVsKhrhcqgAhCho

Score
7/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      ADR_Install_2.26 Build 118.exe

    • Size

      2.2MB

    • MD5

      df1aaddd7c0889fde5c720b7c590ea60

    • SHA1

      7cb8d0ad0eec83c411401bc70945bc50882bdc93

    • SHA256

      475b272a4cd0183b1fad4ef762faf2c25a586f38d33da324eb26a19c7073640c

    • SHA512

      c78f98095cb9c4ed3cd25fd314c59be7cba7d7ea3d185f9fd629ec9b9ed063d3481b39d453895f7439eb63591eeb43907d4123d6a8957f262c18e381871ea992

    • SSDEEP

      49152:DaBcX/yLfliUwUfuy0LW/jRQCDDKswXfmPX9/8mPhrFMOhvZksH5:/XafpdjRQCDesfXZ8yZFZZpH5

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      f62d03fcb1473110e920a9bb2c701006

    • SHA1

      c48444ef2daa60dcdf91f1645cd4ecd8e66545f7

    • SHA256

      17e2f205af12d5a86638dc83c95fc69199c41af2fa6daeb1e91ec330f68c5372

    • SHA512

      701d531d405d08054d53298141d5bbd56e74df7b22bcea5f9f0e5c4407421ea0ca9617aa84e740dc1dc44e6d14e58852c1ca2087213cc2319f2da44eaed0bc05

    • SSDEEP

      192:g6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTxK72dwF7dBdcQOz:g6JaVh4I5rpPbTx+BdhO

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      c9ac0758ce8c10793d39655064c653cb

    • SHA1

      8ba1f9dfcc671b5102f5940da67570c28252bc71

    • SHA256

      161d69c50e5c50d853fda129b6f6f6bc241214b87d13a33bf93543e7e6886119

    • SHA512

      54a8c2ded9a42de867c8a89a11701bcdb5d51aea168c4f3ffe8991859cf26f15d478b6111c85732c1059edbfd9408e42ca830706347a8ac87c5064e47d823349

    • SSDEEP

      48:SnKQ/z+vUML8eYXICmlmGYKHz0JSpXSxwo6mpwzcR3RqG8aEJpABofgMGKO:Qz+MM4eqmvz0JScx56mpwzAhWjGV

    Score
    3/10
    behavioral5behavioral6

    • Target

      ADR.exe

    • Size

      793KB

    • MD5

      22d15da443d9ce05bd4db542c671bdc2

    • SHA1

      31e2ee1c02b7aa2af5b17301bb5c8a4c80bf4291

    • SHA256

      c409ed66a84e3a1cc0754dd156676a0e4152c343b288f2bb01d49f8987c4418f

    • SHA512

      bac757ef777be13f6d4d15d90c3c824d6299c1773550be0c73c07f39eb7bf3207649f906bffa74c723172e9010774a2cb32d14486896a310f4a1781cc18866a9

    • SSDEEP

      24576:JDFELvaut+qaRb9xxR3UROireiB67MP+h2X6C:hK+BleTyiBth6C

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral7behavioral8

    • Target

      ADR_ServiceManager.exe

    • Size

      256KB

    • MD5

      befb07df7acb6ebcbc6ee0d423f9d2f3

    • SHA1

      d5a736277ba48309ec08ccac8a14b83e6b842465

    • SHA256

      db785ce2ab57d8d6618f25acd4d358bca8bcb729b94cff90232ec2aafc606478

    • SHA512

      adae639f670da057f4844ef89c1c943b62006d50484c863b90b28941d14b8d60c5c3adc7f12f2e363a8d929a8278d87938617a6e569ab47d802d71dbadaf7b54

    • SSDEEP

      3072:5z2SV1UqyekdTXFAKrohvhaRlZ38sH9L37gJO6wctr8HOoJAoeXPYzCFgegET0R:kSqeGXFAQeEPHFr0heHvZ

    Score
    1/10
    behavioral10behavioral9

    • Target

      Help/ADRHelp.dll

    • Size

      52KB

    • MD5

      387f4eb938fe8ada0784a988a5e94afd

    • SHA1

      037d276c5e3d6d514adc2fd1739bc172b9af3276

    • SHA256

      d79953062082601ecf6893b6bb0bee9b6ef56fc906bb3565d827d6b712eebc26

    • SHA512

      ab4f086adf0413fad60fd7f17e4a574ecfd61956dd9a313419494680041fe772b3f5f08b6ef639dbcfe9d4c8d5f86718199826bb55da6304b8d352ab4b8dab06

    • SSDEEP

      768:zSTHvrRsUQbrSOhL/mxB+1PVBRiUdVtzlD:zS7yXphDmxUWMtzl

    Score
    1/10
    behavioral11behavioral12

    • Target

      Homepage_R.url

    • Size

      92B

    • MD5

      9da7d68732ce5ec22e7bead92995c575

    • SHA1

      da55bca9533dfccbd970f4cd2918b1716cf32855

    • SHA256

      dc91a6b388fbf97c7a9b1ac87459d78e61e4e14268e4a3c9d3eb5a81aae8db80

    • SHA512

      29aed8799c6f747c0b6146cb61c4910471fb562a811827f2630061ade2f6f0029788d406b8421db34131385b8bf87d23ef1d34e3c24031b1a8c05b40842f6357

    Score
    6/10
    evasiontrojan
    behavioral13behavioral14

    • Target

      homepage.url

    • Size

      98B

    • MD5

      cdc78c48a2c7c0be23b53b4a573551c0

    • SHA1

      d6fe0c4e27726cec8b1543da5e8de9d5da7c8186

    • SHA256

      68b749a20c53ecfb067a38db0b9f658c6cf38facd100641c9bbc70ec7aecb96f

    • SHA512

      4b2a69002d2e8217d5758f1efe101147f23b30d188f893a42a0f06367a3d2a2d7c359b6fda085713932d387f4879758bd004c3c7df36f3ad8eb2c3b8dcbd2753

    Score
    6/10
    evasiontrojan
    behavioral15behavioral16

    • Target

      Homepage_R.url

    • Size

      92B

    • MD5

      9da7d68732ce5ec22e7bead92995c575

    • SHA1

      da55bca9533dfccbd970f4cd2918b1716cf32855

    • SHA256

      dc91a6b388fbf97c7a9b1ac87459d78e61e4e14268e4a3c9d3eb5a81aae8db80

    • SHA512

      29aed8799c6f747c0b6146cb61c4910471fb562a811827f2630061ade2f6f0029788d406b8421db34131385b8bf87d23ef1d34e3c24031b1a8c05b40842f6357

    Score
    6/10
    evasiontrojan
    behavioral17behavioral18

    • Target

      homepage.url

    • Size

      98B

    • MD5

      cdc78c48a2c7c0be23b53b4a573551c0

    • SHA1

      d6fe0c4e27726cec8b1543da5e8de9d5da7c8186

    • SHA256

      68b749a20c53ecfb067a38db0b9f658c6cf38facd100641c9bbc70ec7aecb96f

    • SHA512

      4b2a69002d2e8217d5758f1efe101147f23b30d188f893a42a0f06367a3d2a2d7c359b6fda085713932d387f4879758bd004c3c7df36f3ad8eb2c3b8dcbd2753

    Score
    6/10
    evasiontrojan
    behavioral19behavioral20

    • Target

      新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks