Overview
overview: score 10
Static
static: score 7
Big tits a...ss.scr (windows7-x64): score 10
Big tits a...ss.scr (windows10-2004-x64): score 10
Choky Ice ...on.scr (windows7-x64): score 10
Choky Ice ...on.scr (windows10-2004-x64): score 10
Come Inside.scr (windows7-x64): score 10
Come Inside.scr (windows10-2004-x64): score 10
Ivana Suga...se.scr (windows7-x64): score 10
Ivana Suga...se.scr (windows10-2004-x64): score 10
Surprise f...oy.scr (windows7-x64): score 10
Surprise f...oy.scr (windows10-2004-x64): score 10
General
-
Target
438913cfe92dcb6c49815b9569051726_JaffaCakes118
-
Size
2.0MB
-
Sample
240514-3c6qgseb83
-
MD5
438913cfe92dcb6c49815b9569051726
-
SHA1
3e6f0a44e95af0aa67bab46400096c4cceec7218
-
SHA256
cdfe19379e080c3c2f41e76c4b253f9aefeeb6b2f87a348de0e66ed10991a132
-
SHA512
f69702897313244f23a39066fea970b90765fef7e0ee25aa2b02786989b07f0b7f05588b508bfdcf8da5d210bcac3096276877fc139bc79514642017b0eff7a1
-
SSDEEP
24576:JTk7jDDimR/sKYKB3DnmJTk6lKjblYr3TkhII+KTk9heYG4MqvTk1RSyiPFodmA:BkPj/xY3k4O4khdkSYG4Mqrk2Lodz
Behavioral task
behavioral1
Sample
Big tits and deep ass.scr
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Big tits and deep ass.scr
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
Choky Ice And His Best Friend Max A Surprising Us With Great Threesome Action.scr
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Choky Ice And His Best Friend Max A Surprising Us With Great Threesome Action.scr
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Come Inside.scr
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Come Inside.scr
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
Ivana Sugar Dp By Surprise.scr
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
Ivana Sugar Dp By Surprise.scr
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
Surprise for playful boy.scr
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
Surprise for playful boy.scr
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
Big tits and deep ass.scr
-
Size
390KB
-
MD5
3559d4c2042aa3227b2a91144fe37895
-
SHA1
3be2f8d9fb14c4067d5952ff7938587dc040502a
-
SHA256
77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
-
SHA512
c5aa263010a458433af7e39276ffa4438678fe85022f5679896491e979f76b51b0e3bd800e3d0ff5768102ccee0b746dfcf55158f7cf2c344feb4ccdc9e7f6de
-
SSDEEP
12288:ONWz1AUZbht1FGdX3lvnd64iJJpCeCslYrwS:OQzO8bhO2ZLlYrp
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
Choky Ice And His Best Friend Max A Surprising Us With Great Threesome Action.scr
-
Size
597KB
-
MD5
a536b5697a2055366d279ddc989a8c40
-
SHA1
37caea17d1d1f700a9497726314964c841b087b5
-
SHA256
2fca538f9cdbf78491933a5f5ffd02f176c372de8f468fbcc8d6b2da682cead7
-
SHA512
e5ea92ab275fc8c36405e214a3cedc5845a2cfd76e4fe250a5edb1a2bc2335806a9f3ecab983934b6e5b8417980d3b8977ce038bf04acbeb9c461d8942adfdee
-
SSDEEP
12288:ONWz1AUZbht1FGdX3UCwWOXA4DmeLM9S6bnM9S6bnM9S6bnM9S6bnM9S6bnM9S:OQzO8bhOgB2UUUUUS
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
Come Inside.scr
-
Size
521KB
-
MD5
e5a3b8e0ea5a54fdb1d408fe6a48bff5
-
SHA1
636cc09bdeb18fed338ce2a5082c79d4d258cf3b
-
SHA256
93b7e7810a3726a1c2a7f4eadcd8cbad7202ce9245f818d14c4bd5d2556346fe
-
SHA512
98fb147438a4a5f941e92003b8a7a448067571271727ac90470a949addfcef3061b27d554a904236a1e5d0f6a16790228a6b597df695e1f0b584c7b93cb47667
-
SSDEEP
12288:ONWz1AUZbht1FGdX3EDVsmfZ/al8ViJQPRHDVsmh:OQzO8bhOED6mB/aYYQ5HD6mh
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
Ivana Sugar Dp By Surprise.scr
-
Size
353KB
-
MD5
eff52e89d1c8a06bf424aff28b223fa0
-
SHA1
0062481b5fd62fef7596f11e2f2ba03f7a16d003
-
SHA256
4d747b1bbd2ca3e220ecb10ed5dcdb082d6df4b020396dd3b0c5cdca1af66457
-
SHA512
fcc81714e286f6da7e6ef235f1264bb4a4009595031f78677ca3cd93d19e6ebb85034b271d1e9d71de3bf48ad29ed6a0247640993e1457bbc0578f54510f42c4
-
SSDEEP
6144:Ona2zAz+I6KcaPVHAuBWSbemainOQ3iAt1FGdX3/6PrawAuVvJqZz7i8qZ+Y2xrO:ONWz1AUZbht1FGdX3+O7uVvJqJi8qZjb
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
Surprise for playful boy.scr
-
Size
265KB
-
MD5
0aa972fcaa5db5997da928a83fe621cb
-
SHA1
b38495c73b8e47248a6178beb46784684c8bd2d0
-
SHA256
f06884e38a06e26f6371523c1ee7bee5970814832bc6bfcca9a515e644b9fd01
-
SHA512
3d772922e3db741231614a6ccb298db0082f17ec9607f274bcfe653796efcf813bb0da06f3b329331a672e8cb6e5bf56375052fdf4f9bf83d68f26d7b95aca47
-
SSDEEP
6144:Ona2zAz+I6KcaPVHAuBWSbemainOQ3iAt1FGdX3/0+u76R4/d/3:ONWz1AUZbht1FGdX3c+X+/R
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)