Resubmissions

08/04/2024, 14:58

240408-scmmhaca56 8

03/04/2024, 19:45

240403-ygeeksag7v 8

General

  • Target

    TruCheck_v3.03.70_b3647_Updater.zip

  • Size

    195.7MB

  • Sample

    240408-scmmhaca56

  • MD5

    6164fe090a276050bcff0007bf94d22f

  • SHA1

    8993db831b87aba3589585e0bc3f7a830ded90fc

  • SHA256

    2df688778a3506068c27ee752f1ca6d6690fec755a3ca02b8f84478252ab2027

  • SHA512

    5c8313e8eb8f8740c1f8e366ec0ac94d30df78b3e14249d25d6cd1566d59c5f270f5d24750813122453328def5264e25ec8c223fa2c84afbe1f052033ffc4a14

  • SSDEEP

    3145728:omnMqv+JX2ycIzU2Jbe1ei+W5f+X85FLS3xpPGm5zVzeMht6J5FgK:3MqWF2LuUtepeXhyxpPXCd

Score
8/10

Malware Config

Targets

    • Target

      TruCheck_v3.03.70_b3647_Updater.exe

    • Size

      195.7MB

    • MD5

      719e9af110e7527608b8006f6290a29c

    • SHA1

      74a0684bffc141503c55572c12eecba2a3d9e5a1

    • SHA256

      29dc4464ba770c14edd38234dc1a26fc6a983212831ed653b50945be99153c12

    • SHA512

      140e648a28ac5e7a3180f7f311f84ee0a393146f066d3d800d25efff9e5f278d97445117b10c28a382b45c5b345183bdf11fc5227d6e687dedbfc3b8372d87ae

    • SSDEEP

      3145728:caSFaGTMXZ+IasZ4AR/gh6O6gx7AFaTzT6B7jdsOL9Nf0iVbSJNTRK:2aGwJ+TO496nU/nO7jdnky

    Score
    8/10

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks