Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    PowerISO8-x64.exe

  • Size

    4.9MB

  • Sample

    240405-s2hpvagc85

  • MD5

    d884550a8b075167353db3bc9118dd18

  • SHA1

    5975cbc800d452546a0ec7456d19fccc15ed085a

  • SHA256

    be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb

  • SHA512

    0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf

  • SSDEEP

    98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8

Malware Config

Targets

    • Target

      PowerISO8-x64.exe

    • Size

      4.9MB

    • MD5

      d884550a8b075167353db3bc9118dd18

    • SHA1

      5975cbc800d452546a0ec7456d19fccc15ed085a

    • SHA256

      be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb

    • SHA512

      0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf

    • SSDEEP

      98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      ec9640b70e07141febbe2cd4cc42510f

    • SHA1

      64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

    • SHA256

      c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

    • SHA512

      47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe

    • SSDEEP

      192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc

    Score
    3/10
    • Target

      $R0

    • Size

      69KB

    • MD5

      9d199564b65a91a531b23844649459e9

    • SHA1

      8d84359ced1c51d14e70cb5ed36a6083c8b914cf

    • SHA256

      8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42

    • SHA512

      ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1

    • SSDEEP

      768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW

    Score
    1/10
    • Target

      $TEMP/$0

    • Size

      29KB

    • MD5

      c3b224d15a9036805575b2ff0bcefeda

    • SHA1

      74779ae82a97e97d770435d097821810f16c97c5

    • SHA256

      23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a

    • SHA512

      5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461

    • SSDEEP

      384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD

    Score
    1/10
    • Target

      devcon.exe

    • Size

      69KB

    • MD5

      9d199564b65a91a531b23844649459e9

    • SHA1

      8d84359ced1c51d14e70cb5ed36a6083c8b914cf

    • SHA256

      8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42

    • SHA512

      ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1

    • SSDEEP

      768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW

    Score
    1/10
    • Target

      piso.exe

    • Size

      21KB

    • MD5

      99c1672e8ed7c85474917ebbc6903f3a

    • SHA1

      5b7a4c43a169d2ee4ebc65a716cce846e26e8e1a

    • SHA256

      1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a

    • SHA512

      8bac273ea6a811f8f7afdb2ba36aa5df1797aaa2c1e8a2569b810179fef81583d33bd626f9a3572ff3dd2e9b8be67d412a435cfc5b0fc244069f0922061f1ca6

    • SSDEEP

      384:FXhgKsW4zL6KZjthU53XnCm/Zn6KZjthUBopnCm/2Q:NWK2zGmjtu5nCKAmjtuBsCKD

    Score
    1/10
    • Target

      setup64.exe

    • Size

      20KB

    • MD5

      fdaf68ac10888345fc0dfedd070dbd07

    • SHA1

      160e72adf208e42511274e7dd786975cfce4d4d2

    • SHA256

      e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75

    • SHA512

      943ae7c986ec48d24ebf9c83a3821ecfb36aa7bca0c010c7b53030c0ee30980c848177b5ec33fb2317f71dececa3bee5adf53393fb6f30f8f9b7d475965038a5

    • SSDEEP

      384:yTwBHiBYcYV796KZjthUFYnCm/x86KZjthUDnCm/Gu:CoHiBYcYB0mjtu+CKFmjtubCKv

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks