General

  • Target

    Formware.3D.SLICER.1.rar

  • Size

    77.2MB

  • Sample

    240329-t6q3fsdb97

  • MD5

    74a5f93c3f13e9ce13c96f3b02516198

  • SHA1

    222abf98c2302cf1f17aef13e8698ea871d0c10d

  • SHA256

    d0adc542b2e1532535b5cfe9be02e11e583a6f44e105a27d63b281ffe3bbca14

  • SHA512

    88ec3cc8c0398a02ade89ef09e28d2772045b5f5fa6101611f50bf4eeddb8505503c788a6af0dffd888636c4437ecaaa926efb7e02a2821fcabd0140327d817c

  • SSDEEP

    1572864:HTZHXXBDn2oxDvsHRnF5LyttIMMtl2iJjqyS3nJGiKkMf+N764vl88ubY:zRl2qD+nF50t5MtQem3EiUf+RvO/bY

Score
10/10

Malware Config

Targets

    • Target

      Formware.3D.SLICER.1.rar

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Target

      Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe

    • Size

      678KB

    • MD5

      f8cc0c5190579654f633080bddb6265c

    • SHA1

      f286f101a0530dd9e091e5d34074a0a701ad7663

    • SHA256

      49a801a553d113a668ad2b61ffd93bd5d5d576235c81829cb0a21332ada25aeb

    • SHA512

      5dfc1adfc2a77693cabe15c300bd6a32effa4b3069eb8ca7d907ac340bff23474b78a13bdaa53306f6812d07b074230ccdf6e53d3c271ce4f609d2ce3f07808d

    • SSDEEP

      12288:RyIF9kLhvCxcHB0cRP/qSL9PoJzgqPlaeicSS+LqBs/P6YwoAe5dWT:RyI3kLtp+03bBuznaob+LqBs+feOT

    Score
    7/10
    • Executes dropped EXE

    • Target

      Formware3D_1165.msi

    • Size

      76.6MB

    • MD5

      d8513fabad9766f04e896fa7f9aca307

    • SHA1

      c1079daf7e43090635a022c117cc7071b2140d46

    • SHA256

      b2353d3b3b41541541b5cc3e181149c5a9f40c03e798c08d31248bb073cbce84

    • SHA512

      0e7d451c68aed1815abcb41378dd44e7af06258c9472f7d5626318d09aa82280eec50259005c7f3249a0adc4dc68f18d982ca155d256c60bbff4acecf30be13a

    • SSDEEP

      1572864:NTZHXXBDn2oxDvsHRnF5LyttIMMtl2iJjqyS3nJGiKkMf+N764vl88ub:xRl2qD+nF50t5MtQem3EiUf+RvO/b

    Score
    6/10
    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
