General
Target: PowerISO8-x64.exe
Size: 4.9MB
Sample: 240405-s2hpvagc85
MD5: d884550a8b075167353db3bc9118dd18
SHA1: 5975cbc800d452546a0ec7456d19fccc15ed085a
SHA256: be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
SHA512: 0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
SSDEEP: 98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8
Static task: static1

Behavioral tasks (sample, resource):
- behavioral1: PowerISO8-x64.exe, win10v2004-20240319-en
- behavioral2: $PLUGINSDIR/System.dll, win10v2004-20240226-en
- behavioral3: $PLUGINSDIR/nsDialogs.dll, win10v2004-20240319-en
- behavioral4: $R0.exe, win10v2004-20240226-en
- behavioral5: $TEMP/$0.dll, win10v2004-20240226-en
- behavioral6: devcon.exe, win10v2004-20240226-en
- behavioral7: piso.exe, win10v2004-20231215-en
- behavioral8: setup64.exe, win10v2004-20240226-en
Malware Config
Targets
Target: PowerISO8-x64.exe
Size: 4.9MB
MD5: d884550a8b075167353db3bc9118dd18
SHA1: 5975cbc800d452546a0ec7456d19fccc15ed085a
SHA256: be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
SHA512: 0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
SSDEEP: 98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8
Score: 8/10
Signatures:
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks for any installed AV software in registry
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 8cf2ac271d7679b1d68eefc1ae0c5618
SHA1: 7cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA256: 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512: ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
SSDEEP: 192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score: 3/10
Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: ec9640b70e07141febbe2cd4cc42510f
SHA1: 64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
SHA256: c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
SHA512: 47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
SSDEEP: 192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
Score: 3/10
Target: $R0
Size: 69KB
MD5: 9d199564b65a91a531b23844649459e9
SHA1: 8d84359ced1c51d14e70cb5ed36a6083c8b914cf
SHA256: 8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
SHA512: ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
SSDEEP: 768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score: 1/10
Target: $TEMP/$0
Size: 29KB
MD5: c3b224d15a9036805575b2ff0bcefeda
SHA1: 74779ae82a97e97d770435d097821810f16c97c5
SHA256: 23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a
SHA512: 5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461
SSDEEP: 384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD
Score: 1/10
Target: devcon.exe
Size: 69KB
MD5: 9d199564b65a91a531b23844649459e9
SHA1: 8d84359ced1c51d14e70cb5ed36a6083c8b914cf
SHA256: 8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
SHA512: ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
SSDEEP: 768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score: 1/10
Target: piso.exe
Size: 21KB
MD5: 99c1672e8ed7c85474917ebbc6903f3a
SHA1: 5b7a4c43a169d2ee4ebc65a716cce846e26e8e1a
SHA256: 1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a
SHA512: 8bac273ea6a811f8f7afdb2ba36aa5df1797aaa2c1e8a2569b810179fef81583d33bd626f9a3572ff3dd2e9b8be67d412a435cfc5b0fc244069f0922061f1ca6
SSDEEP: 384:FXhgKsW4zL6KZjthU53XnCm/Zn6KZjthUBopnCm/2Q:NWK2zGmjtu5nCKAmjtuBsCKD
Score: 1/10
Target: setup64.exe
Size: 20KB
MD5: fdaf68ac10888345fc0dfedd070dbd07
SHA1: 160e72adf208e42511274e7dd786975cfce4d4d2
SHA256: e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75
SHA512: 943ae7c986ec48d24ebf9c83a3821ecfb36aa7bca0c010c7b53030c0ee30980c848177b5ec33fb2317f71dececa3bee5adf53393fb6f30f8f9b7d475965038a5
SSDEEP: 384:yTwBHiBYcYV796KZjthUFYnCm/x86KZjthUDnCm/Gu:CoHiBYcYB0mjtu+CKFmjtubCKv
Score: 1/10
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Pre-OS Boot: Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)