Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

UnderWars.exe

windows7-x64

7

UnderWars.exe

windows10-1703-x64

7

UnderWars.exe

windows10-2004-x64

7

UnderWars.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    UnderWars.rar

  • Size

    74.4MB

  • Sample

    240421-r8y5qseb2z

  • MD5

    c90d343e960c2a7773097bfd4075f2f5

  • SHA1

    79d68e67e2aea53f9d3c5a0ae58262cd28bba0f0

  • SHA256

    e0005227c3c8d598d73108b95758f2a64cc92305614bb111d5e9526a1201ed81

  • SHA512

    bee3c872ac104dcac82453b09307620834fa4045b1d0325ad4785585ad57199b49177360c895ce7486861d0fe1dce02d3e5642c97990bbb646a6f4ebeceb9fce

  • SSDEEP

    1572864:2g6LBYKH0aXsYQi2Jrydy7gJnsI0SNcucgzxTMWIyXYQ9:2juWcR3rEy8JnsqN0QMWV

Score
7/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      UnderWars.exe

    • Size

      74.4MB

    • MD5

      07459ba6359ffa670886e62d763f6614

    • SHA1

      3f582004f412cea04e164256f1268e2341a0a750

    • SHA256

      7ab82c1ffa37f1538594cc5ad56f6dd047baf2c30bfcce614f1ad28b56196d35

    • SHA512

      5c6b6ab9a73a11702fcffeae3b6eb72b6e30870d14da36b2232e6fd53579960e166fb948d9576768fee2504273d60607c097f9220007486b4c62b7ac89d83bba

    • SSDEEP

      1572864:rg6LBYKH0aXsYQi2Jrydy7gJnsI0SNcucgzxTMWIyXYQ:rjuWcR3rEy8JnsqN0QMW

    Score
    7/10
    discoveryspywarestealer

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks