General
Target: 48e100a1816e2c4696df7459f543114ad48ce8f5280169b1318d568ffe390b04
Size: 560KB
Sample: 240417-rm2zhabe78
MD5: 0208bef9a9cd409daabc6c88511cbc70
SHA1: 96a322bf61dee21cbb94cd34a37bc7d316d5ae85
SHA256: 48e100a1816e2c4696df7459f543114ad48ce8f5280169b1318d568ffe390b04
SHA512: 10c586c6f430946d37e5fa1b6c8cf3aab59c118e4686642abd6f08155f0a4153dd2cda95936bfe787dbab1192577a16918092b80ad81f92c093883ab283def56
SSDEEP: 12288:fE+UMTh7hiF3aS2VcpnSQwaaRCBBU/GV6tdrXekH49TrVM7HxGrxc7V:fdTJY3auSQZbEveQWdGMr+7V

Static task: static1

Behavioral task: behavioral1
Sample: e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe
Resource: win7-20240319-en

Behavioral task: behavioral2
Sample: e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/nsExec.dll
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/nsExec.dll
Resource: win10v2004-20240412-en

Behavioral task: behavioral5
Sample: rigsombudsmndenes/Vildspors/Tjenestefries/Abrased.ps1
Resource: win7-20240221-en

Behavioral task: behavioral6
Sample: rigsombudsmndenes/Vildspors/Tjenestefries/Abrased.ps1
Resource: win10v2004-20240412-en

Malware Config
Targets
Target: e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe
Size: 574KB
MD5: bae2b5f2ba2e3976d19f78cd57589b43
SHA1: c8cbfb695d01b52a83790146fa2ff89de37447ad
SHA256: e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e
SHA512: fbaf47cfac100602fbfdf7bb3d29261c822ef5bfee8f4931ac2f6310339734ca13aadd2fb51f7f36ddc54daf59591723c69daf1eea54d71203ad3608046b70e8
SSDEEP: 12288:U1JKwATSHsf9/erPv2OzvwvtV9Tj20z168E7rg3ONKUHOI:UhATSMV/eL+OzGTjxzk8QOyHL
Score: 7/10
Loads dropped DLL
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext

Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 293165db1e46070410b4209519e67494
SHA1: 777b96a4f74b6c34d43a4e7c7e656757d1c97f01
SHA256: 49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a
SHA512: 97012139f2da5868fe8731c0b0bcb3cfda29ed10c2e6e2336b504480c9cd9fb8f4728cca23f1e0bd577d75daa542e59f94d1d341f4e8aaeebc7134bf61288c19
SSDEEP: 96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
Score: 3/10

Target: rigsombudsmndenes/Vildspors/Tjenestefries/Abrased.Wig
Size: 43KB
MD5: bdc6750fa9e7f3f0e0967e682d730c3f
SHA1: 592f466b066cd59938eef2c53b9e41942d7cacce
SHA256: 3bf087d329e163f4300a66e02e102e45f58d39a13acf1a116ecb946233d69aa6
SHA512: 529621f4d8213bf2bcf9199c9b4add2c3c77461c8e1b75bc37aa1512590eb58af681f741489d023493fbb2043ba6ca4d00d6b9bab18d9e59ef3e1c8ea6ffc7eb
SSDEEP: 768:nXMWOJ+6hgfLifOQ7BFUMVqF+vNTg5aXSohz/5OcLxjqvtiXl/B7YRDY1KrvY3oV:n8zM6gSbLqFENTdioh9OcL1+i1UbQ4uO
Score: 8/10
Modifies Installed Components in the registry
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.