
General

  Target: 438913cfe92dcb6c49815b9569051726_JaffaCakes118
  Size: 2.0MB
  Sample: 240514-3c6qgseb83
  MD5: 438913cfe92dcb6c49815b9569051726
  SHA1: 3e6f0a44e95af0aa67bab46400096c4cceec7218
  SHA256: cdfe19379e080c3c2f41e76c4b253f9aefeeb6b2f87a348de0e66ed10991a132
  SHA512: f69702897313244f23a39066fea970b90765fef7e0ee25aa2b02786989b07f0b7f05588b508bfdcf8da5d210bcac3096276877fc139bc79514642017b0eff7a1
  SSDEEP: 24576:JTk7jDDimR/sKYKB3DnmJTk6lKjblYr3TkhII+KTk9heYG4MqvTk1RSyiPFodmA:BkPj/xY3k4O4khdkSYG4Mqrk2Lodz

Targets

    Target: Big tits and deep ass.scr
    Size: 390KB
    MD5: 3559d4c2042aa3227b2a91144fe37895
    SHA1: 3be2f8d9fb14c4067d5952ff7938587dc040502a
    SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
    SHA512: c5aa263010a458433af7e39276ffa4438678fe85022f5679896491e979f76b51b0e3bd800e3d0ff5768102ccee0b746dfcf55158f7cf2c344feb4ccdc9e7f6de
    SSDEEP: 12288:ONWz1AUZbht1FGdX3lvnd64iJJpCeCslYrwS:OQzO8bhO2ZLlYrp

    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • UAC bypass
    • Windows security bypass
    • Disables Task Manager via registry modification
    • ASPack v2.12-2.42: detects executables packed with ASPack v2.12-2.42
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer
    • Windows security modification
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext

    Target: Choky Ice And His Best Friend Max A Surprising Us With Great Threesome Action.scr
    Size: 597KB
    MD5: a536b5697a2055366d279ddc989a8c40
    SHA1: 37caea17d1d1f700a9497726314964c841b087b5
    SHA256: 2fca538f9cdbf78491933a5f5ffd02f176c372de8f468fbcc8d6b2da682cead7
    SHA512: e5ea92ab275fc8c36405e214a3cedc5845a2cfd76e4fe250a5edb1a2bc2335806a9f3ecab983934b6e5b8417980d3b8977ce038bf04acbeb9c461d8942adfdee
    SSDEEP: 12288:ONWz1AUZbht1FGdX3UCwWOXA4DmeLM9S6bnM9S6bnM9S6bnM9S6bnM9S6bnM9S:OQzO8bhOgB2UUUUUS

    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • UAC bypass
    • Windows security bypass
    • Disables Task Manager via registry modification
    • ASPack v2.12-2.42: detects executables packed with ASPack v2.12-2.42
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer
    • Windows security modification
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext

    Target: Come Inside.scr
    Size: 521KB
    MD5: e5a3b8e0ea5a54fdb1d408fe6a48bff5
    SHA1: 636cc09bdeb18fed338ce2a5082c79d4d258cf3b
    SHA256: 93b7e7810a3726a1c2a7f4eadcd8cbad7202ce9245f818d14c4bd5d2556346fe
    SHA512: 98fb147438a4a5f941e92003b8a7a448067571271727ac90470a949addfcef3061b27d554a904236a1e5d0f6a16790228a6b597df695e1f0b584c7b93cb47667
    SSDEEP: 12288:ONWz1AUZbht1FGdX3EDVsmfZ/al8ViJQPRHDVsmh:OQzO8bhOED6mB/aYYQ5HD6mh

    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • UAC bypass
    • Windows security bypass
    • Disables Task Manager via registry modification
    • ASPack v2.12-2.42: detects executables packed with ASPack v2.12-2.42
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer
    • Windows security modification
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext

    Target: Ivana Sugar Dp By Surprise.scr
    Size: 353KB
    MD5: eff52e89d1c8a06bf424aff28b223fa0
    SHA1: 0062481b5fd62fef7596f11e2f2ba03f7a16d003
    SHA256: 4d747b1bbd2ca3e220ecb10ed5dcdb082d6df4b020396dd3b0c5cdca1af66457
    SHA512: fcc81714e286f6da7e6ef235f1264bb4a4009595031f78677ca3cd93d19e6ebb85034b271d1e9d71de3bf48ad29ed6a0247640993e1457bbc0578f54510f42c4
    SSDEEP: 6144:Ona2zAz+I6KcaPVHAuBWSbemainOQ3iAt1FGdX3/6PrawAuVvJqZz7i8qZ+Y2xrO:ONWz1AUZbht1FGdX3+O7uVvJqJi8qZjb

    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • UAC bypass
    • Windows security bypass
    • Disables Task Manager via registry modification
    • ASPack v2.12-2.42: detects executables packed with ASPack v2.12-2.42
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer
    • Windows security modification
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext

    Target: Surprise for playful boy.scr
    Size: 265KB
    MD5: 0aa972fcaa5db5997da928a83fe621cb
    SHA1: b38495c73b8e47248a6178beb46784684c8bd2d0
    SHA256: f06884e38a06e26f6371523c1ee7bee5970814832bc6bfcca9a515e644b9fd01
    SHA512: 3d772922e3db741231614a6ccb298db0082f17ec9607f274bcfe653796efcf813bb0da06f3b329331a672e8cb6e5bf56375052fdf4f9bf83d68f26d7b95aca47
    SSDEEP: 6144:Ona2zAz+I6KcaPVHAuBWSbemainOQ3iAt1FGdX3/0+u76R4/d/3:ONWz1AUZbht1FGdX3c+X+/R

    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • UAC bypass
    • Windows security bypass
    • Disables Task Manager via registry modification
    • ASPack v2.12-2.42: detects executables packed with ASPack v2.12-2.42
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer
    • Windows security modification
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext
