General
Target: Formware.3D.SLICER.1.rar
Size: 77.2MB
Sample: 240329-t6q3fsdb97
MD5: 74a5f93c3f13e9ce13c96f3b02516198
SHA1: 222abf98c2302cf1f17aef13e8698ea871d0c10d
SHA256: d0adc542b2e1532535b5cfe9be02e11e583a6f44e105a27d63b281ffe3bbca14
SHA512: 88ec3cc8c0398a02ade89ef09e28d2772045b5f5fa6101611f50bf4eeddb8505503c788a6af0dffd888636c4437ecaaa926efb7e02a2821fcabd0140327d817c
SSDEEP: 1572864:HTZHXXBDn2oxDvsHRnF5LyttIMMtl2iJjqyS3nJGiKkMf+N764vl88ubY:zRl2qD+nF50t5MtQem3EiUf+RvO/bY
Static task: static1
Behavioral task: behavioral1
  Sample: Formware.3D.SLICER.1.rar
  Resource: win10-20240221-en
Behavioral task: behavioral2
  Sample: Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe
  Resource: win10-20240221-en
Behavioral task: behavioral3
  Sample: Formware3D_1165.msi
  Resource: win10-20240221-en
Malware Config
Targets
Target: Formware.3D.SLICER.1.rar
Size: 77.2MB
MD5: 74a5f93c3f13e9ce13c96f3b02516198
SHA1: 222abf98c2302cf1f17aef13e8698ea871d0c10d
SHA256: d0adc542b2e1532535b5cfe9be02e11e583a6f44e105a27d63b281ffe3bbca14
SHA512: 88ec3cc8c0398a02ade89ef09e28d2772045b5f5fa6101611f50bf4eeddb8505503c788a6af0dffd888636c4437ecaaa926efb7e02a2821fcabd0140327d817c
SSDEEP: 1572864:HTZHXXBDn2oxDvsHRnF5LyttIMMtl2iJjqyS3nJGiKkMf+N764vl88ubY:zRl2qD+nF50t5MtQem3EiUf+RvO/bY
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
Target: Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe
Size: 678KB
MD5: f8cc0c5190579654f633080bddb6265c
SHA1: f286f101a0530dd9e091e5d34074a0a701ad7663
SHA256: 49a801a553d113a668ad2b61ffd93bd5d5d576235c81829cb0a21332ada25aeb
SHA512: 5dfc1adfc2a77693cabe15c300bd6a32effa4b3069eb8ca7d907ac340bff23474b78a13bdaa53306f6812d07b074230ccdf6e53d3c271ce4f609d2ce3f07808d
SSDEEP: 12288:RyIF9kLhvCxcHB0cRP/qSL9PoJzgqPlaeicSS+LqBs/P6YwoAe5dWT:RyI3kLtp+03bBuznaob+LqBs+feOT
Score: 7/10
- Executes dropped EXE
Target: Formware3D_1165.msi
Size: 76.6MB
MD5: d8513fabad9766f04e896fa7f9aca307
SHA1: c1079daf7e43090635a022c117cc7071b2140d46
SHA256: b2353d3b3b41541541b5cc3e181149c5a9f40c03e798c08d31248bb073cbce84
SHA512: 0e7d451c68aed1815abcb41378dd44e7af06258c9472f7d5626318d09aa82280eec50259005c7f3249a0adc4dc68f18d982ca155d256c60bbff4acecf30be13a
SSDEEP: 1572864:NTZHXXBDn2oxDvsHRnF5LyttIMMtl2iJjqyS3nJGiKkMf+N764vl88ub:xRl2qD+nF50t5MtQem3EiUf+RvO/b
Score: 6/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)