Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

e25d6621a3...4e.exe

windows7-x64

7

e25d6621a3...4e.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

rigsombuds...ed.ps1

windows7-x64

8

rigsombuds...ed.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48e100a1816e2c4696df7459f543114ad48ce8f5280169b1318d568ffe390b04

  • Size

    560KB

  • Sample

    240417-rm2zhabe78

  • MD5

    0208bef9a9cd409daabc6c88511cbc70

  • SHA1

    96a322bf61dee21cbb94cd34a37bc7d316d5ae85

  • SHA256

    48e100a1816e2c4696df7459f543114ad48ce8f5280169b1318d568ffe390b04

  • SHA512

    10c586c6f430946d37e5fa1b6c8cf3aab59c118e4686642abd6f08155f0a4153dd2cda95936bfe787dbab1192577a16918092b80ad81f92c093883ab283def56

  • SSDEEP

    12288:fE+UMTh7hiF3aS2VcpnSQwaaRCBBU/GV6tdrXekH49TrVM7HxGrxc7V:fdTJY3auSQZbEveQWdGMr+7V

Score
8/10
persistence

Malware Config

Targets

    • Target

      e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe

    • Size

      574KB

    • MD5

      bae2b5f2ba2e3976d19f78cd57589b43

    • SHA1

      c8cbfb695d01b52a83790146fa2ff89de37447ad

    • SHA256

      e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e

    • SHA512

      fbaf47cfac100602fbfdf7bb3d29261c822ef5bfee8f4931ac2f6310339734ca13aadd2fb51f7f36ddc54daf59591723c69daf1eea54d71203ad3608046b70e8

    • SSDEEP

      12288:U1JKwATSHsf9/erPv2OzvwvtV9Tj20z168E7rg3ONKUHOI:UhATSMV/eL+OzGTjxzk8QOyHL

    Score
    7/10

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      293165db1e46070410b4209519e67494

    • SHA1

      777b96a4f74b6c34d43a4e7c7e656757d1c97f01

    • SHA256

      49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a

    • SHA512

      97012139f2da5868fe8731c0b0bcb3cfda29ed10c2e6e2336b504480c9cd9fb8f4728cca23f1e0bd577d75daa542e59f94d1d341f4e8aaeebc7134bf61288c19

    • SSDEEP

      96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN

    Score
    3/10
    behavioral3behavioral4

    • Target

      rigsombudsmndenes/Vildspors/Tjenestefries/Abrased.Wig

    • Size

      43KB

    • MD5

      bdc6750fa9e7f3f0e0967e682d730c3f

    • SHA1

      592f466b066cd59938eef2c53b9e41942d7cacce

    • SHA256

      3bf087d329e163f4300a66e02e102e45f58d39a13acf1a116ecb946233d69aa6

    • SHA512

      529621f4d8213bf2bcf9199c9b4add2c3c77461c8e1b75bc37aa1512590eb58af681f741489d023493fbb2043ba6ca4d00d6b9bab18d9e59ef3e1c8ea6ffc7eb

    • SSDEEP

      768:nXMWOJ+6hgfLifOQ7BFUMVqF+vNTg5aXSohz/5OcLxjqvtiXl/B7YRDY1KrvY3oV:n8zM6gSbLqFENTdioh9OcL1+i1UbQ4uO

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks