Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    WaveTrial.rar

  • Size

    156.4MB

  • Sample

    240427-tr2kmsch46

  • MD5

    0159c8632597db4afc30105f24cdd3ea

  • SHA1

    5e80272c6ff0d820cdb0a4f98f7fbf0d558f5957

  • SHA256

    0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2

  • SHA512

    587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe

  • SSDEEP

    3145728:GeUQUfKvWr13d8VZDUdp27PkF5oeUahBcPVyMVob2395nOl0tUD:MKuh+DU72TkF5oeVBMX3nnptUD

Malware Config

Targets

    • Target

      WaveTrial/Injector.exe

    • Size

      3.4MB

    • MD5

      c6b39ee166d5b0a2c8a9021ccd1593ae

    • SHA1

      e480e7c282f64e8b0179c82afe154dd59d14217d

    • SHA256

      443b665c5f545a2bdd7855f86bf70a5ee7f35eda1b6b08615161f5809cbda02b

    • SHA512

      3864aea36c522ca5658412128e6a4c862a647cf3b1054b9adbe418488590a37600d7639c3eba94ca9de76f087b244b95644c667213b1122889cf2d9b7a4652d2

    • SSDEEP

      49152:Kl0nJ28J4VZohYWVGGjW8NhSU7zwo8oXJ2R3KPHsI7coj2J+eNgRpqNc1a:KmnJrJ4DohYWVTJNkIZZ2R6vsmA+FDqN

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      WaveTrial/Wave.dll

    • Size

      15.6MB

    • MD5

      b7660cbe69220a479611763e49cd50e1

    • SHA1

      2a89b9e56190204f7a776b6612d89baadaef911c

    • SHA256

      0c0c9b140ac34f43a7252ec81007024bcad1d5d526762e518513ec20ff0e3a2a

    • SHA512

      6b5aad55413600e57a7313779aed5868da49b6502bc2543eb675d582d0ba3ed0d1a153a7fdff04353c5019ee115c1ce01748548c24b679882be1f885be31b7ed

    • SSDEEP

      196608:d7sdHFJiem2Ijbtm+4dqFgva0HLmhBpRK5vtWAL4Lq22+oWlsHawFM+OuKsgAyhP:WViXbtm+Kvv4Rivtz+oWXuKseRP8

    • Score

      8/10

    • Blocklisted process makes network request

    • Target

      WaveTrial/Wave.exe

    • Size

      7.0MB

    • MD5

      a8bd4a6b2f1d00928e61870a5688c13d

    • SHA1

      e17646d5279534f2e3eb0e0cfc8b6c536bc0c095

    • SHA256

      2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

    • SHA512

      6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb

    • SSDEEP

      98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL

    • Score

      1/10

    • Target

      WaveTrial/Wave.exe.config

    • Size

      4KB

    • MD5

      ae882f91fe4dc052fabd06774b2d30aa

    • SHA1

      92cbe5c66373ea3682116fab8068534920d281d7

    • SHA256

      50bd62b7fa97cb9564c4b418034138f30af993f84988b085e2b16d39aa74d79f

    • SHA512

      3fe7174259817beae8101e2ab7be068b9030bccff00a1f5aee13cfab3585037fdb1f9b470feea212351f85ec96f31da63289e4574d69e4ef413fce3fda3c6c78

    • SSDEEP

      96:wrwvxwDbDPwxOuzhrifBUXAUFUkUYUvUAc:wrw2DIxOEriJXejNGbc

    • Score

      3/10

    • Target

      WaveTrial/chrome_100_percent.pak

    • Size

      682KB

    • MD5

      d3e06f624bf92e9d8aecb16da9731c52

    • SHA1

      565bdcbfcbfcd206561080c2000d93470417d142

    • SHA256

      4ee67f0b0b9ad2898e0d70ddfad3541fbd37520686f9e827a845d1930a590362

    • SHA512

      497126af59961054155fbb8c3789d6278a1f5426000342f25f54115429ff024e629783f50f0c5350500007854712b07f7d8174ecfe60d59c4fdd5f3d72dac262

    • SSDEEP

      12288:jI3H1fJxjzgsz5B0GDJQrnKs8SNP+QSsSilRBiNz40D+cIXm4pEqoO0TehErw5:83VBx7zEEmPLSOiNz40KcUjpEqoO0TOR

    • Score

      3/10

    • Target

      WaveTrial/chrome_200_percent.pak

    • Size

      1.1MB

    • MD5

      34572fb491298ed95ad592351fb1f172

    • SHA1

      4590080451f11ff4796d0774de3ff638410abdba

    • SHA256

      c4363d6ecfa5770b021ce72cc7d2ab9be56b0ce88075ec051ad1de99b736dbbd

    • SHA512

      e0e7deccb26b7df78d6193750bfb9aad575b807424a0a5d124bd944e568c1bb1ae29f584246f753d619081a48d2897815145028ffedd9488e9a8f102cdc67e2f

    • SSDEEP

      24576:w3zB69p5zLmmibkFR8+mZR9hQumegvQtSP0KAwvdbbaV26edhOLoeu5:w3E53mNbkFRJmH9hQRhQsP0KVvdK2jrZ

    • Score

      3/10

    • Target

      WaveTrial/data/settings.json

    • Size

      302B

    • MD5

      801b80146dc98d71f1e858ecb80a0ffb

    • SHA1

      e81e181133354fd8c83a58230e71887dbe406219

    • SHA256

      6aca09ff0ab2488bd827b04d268f0be01427c4bd42b8e457bf1b67b2d968b388

    • SHA512

      72dbeea7f9200824e91d08d859b758a897803bc0d8aabf00e8de43bb743c38c2fff30a59402c0a905e5cff6a9a9d4da339b3280a1405770e2757beaf0e716f0c

    • Score

      3/10

    • Target

      WaveTrial/debug.log

    • Size

      1021KB

    • MD5

      cfc5b080feb698e7772a1e68b833f88e

    • SHA1

      4487c1fd0b419bafcf4662641a3eec11cf8dc765

    • SHA256

      45a5471b2b7155f39c51bb8ee1d509e60fd550bad8eda237b7c0a076ec8fdcfb

    • SHA512

      81d531aaee541b4ba4e1910f2595e7373ddf180714a1799233bd1fea95d6fbf405b09dece8fd3bc33e0cd42c0d71bb561ab6678bfa564695472a01045d143450

    • SSDEEP

      1536:gzGRtpqL9IfzBb5nZsIjhGhrLuc/o4njv74tlr/iQsxUfbExLYbTEB7SVJOFQh18:1sIjhy

    • Score

      1/10

    • Target

      WaveTrial/dist/client/assets/codicon-71cccbf1.ttf

    • Size

      70KB

    • MD5

      d28098974f2b7d57f46d1672a3ccd985

    • SHA1

      1f9133d3abe06abd2f7af6209de11474b509e8a0

    • SHA256

      71cccbf15f547a7392f5f2e0ae0c42d5b64cb29ba690eb346b3cb2aa5e4a19e7

    • SHA512

      2359476de4fc85a88e39c665112d49d7b54a50d8b5878b894f5a69cec468be144c333d275de0dc515fd89dd62a811633d2060387df142e24a1709d5786ca0164

    • SSDEEP

      1536:bEKV6Ub+RL0IIeln//sxUSbulvAjjXYKFwzSfk0vZZbM:YvUb+RAHa/ExUsRXbazSfkuM

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
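The registry checks flagged in this report (the VirtualBox ACPI keys, BIOS strings and UAC setting read by WaveTrial/Injector.exe, and the country code lookup under the last target) can be replayed offline against a registry snapshot to see which of them an analysis VM would trip. The Python below is an added example written for this report, not code from the sample or from tria.ge: the key paths are the standard Windows locations these checks read, the marker list for virtual BIOS strings and the GeoID blocklist are assumptions, the two snapshots are constructed, and would_detonate is only a model of the decision the report labels "likely anti-VM" and "likely geofence". live_snapshot collects the same keys from a real Windows host and returns an empty dict anywhere else.

```python
"""Replay of the registry checks flagged in this report.

Added example (not from the sample or tria.ge). A snapshot is a dict of
registry key path -> {value name: data}; a key present with no values is {}.
"""
import sys

# Standard Windows locations behind each flagged check.
VBOX_ACPI_KEYS = (                      # ACPI tables a VirtualBox guest exposes
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate")
BIOS_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen")  # assumed list
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
GEO_KEY = r"HKCU\Control Panel\International\Geo"   # "Nation" holds the numeric GeoID


def inspect_snapshot(snapshot):
    """Evaluate the four checks and return what each one would see."""
    bios = snapshot.get(BIOS_KEY, {})
    # REG_MULTI_SZ values arrive as lists; flatten everything to one string
    bios_text = " ".join(
        " ".join(v) if isinstance(v, (list, tuple)) else str(v)
        for name, v in bios.items() if name in BIOS_VALUES
    ).lower()
    uac = snapshot.get(UAC_KEY, {}).get("EnableLUA")
    return {
        "virtualbox_acpi": any(k in snapshot for k in VBOX_ACPI_KEYS),
        "bios_virtual": any(m in bios_text for m in BIOS_MARKERS),
        "uac_enabled": None if uac is None else bool(uac),
        "geoid": snapshot.get(GEO_KEY, {}).get("Nation"),   # REG_SZ, e.g. "244"
    }


def would_detonate(snapshot, blocked_geoids=frozenset()):
    """Model of the evasion decision the report calls 'likely anti-VM' and
    'likely geofence': run only on a non-virtual host outside the blocklist.
    The blocklist is a hypothetical parameter, not recovered from the sample."""
    seen = inspect_snapshot(snapshot)
    if seen["virtualbox_acpi"] or seen["bios_virtual"]:
        return False
    return seen["geoid"] not in blocked_geoids


def live_snapshot():
    """Collect the same keys from the running Windows host ({} elsewhere),
    so the report's checks can be replayed against a real analysis VM."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for path in (*VBOX_ACPI_KEYS, BIOS_KEY, UAC_KEY, GEO_KEY):
        hive, _, sub = path.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as key:
                values, i = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break          # no more values under this key
                    values[name] = data
                    i += 1
                snap[path] = values
        except OSError:
            pass                       # key absent: that check will not fire
    return snap


# Constructed snapshots: a VirtualBox guest with UAC on, and a physical host.
# GeoID 244 is the United States in Microsoft's GeoID table.
SAMPLE_VBOX = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    BIOS_KEY: {"SystemBiosVersion": ["VBOX   - 1"],
               "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"]},
    UAC_KEY: {"EnableLUA": 1},
    GEO_KEY: {"Nation": "244"},
}
SAMPLE_BARE = {
    BIOS_KEY: {"SystemBiosVersion": ["LENOVO - 1"],
               "VideoBiosVersion": ["Intel Video BIOS"]},
    UAC_KEY: {"EnableLUA": 0},
    GEO_KEY: {"Nation": "244"},
}

if __name__ == "__main__":
    blocked = {"203"}                  # hypothetical geofence blocklist
    for label, snap in (("vbox", SAMPLE_VBOX), ("bare", SAMPLE_BARE), ("live", live_snapshot())):
        print(label, inspect_snapshot(snap), "detonates:", would_detonate(snap, blocked))
```

Run it inside the sandbox VM and compare the "live" line with the constructed ones: if the VM exposes the VBOX__ ACPI keys or a virtual BIOS string, the report's anti-VM signatures are explained and the sample would have had no reason to proceed, which is also why a Themida-packed, anti-debug injector can end up with few runtime observations beyond these checks.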

MITRE ATT&CK Enterprise v15

Tasks